Irl Xe 16 Book

IP Routing: LISP Configuration Guide
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
© 2011–2013 Cisco Systems, Inc. All rights reserved.

CONTENTS
CHAPTER 1 Read Me First 1
CHAPTER 2 Locator ID Separation Protocol (LISP) Overview 3

Finding Feature Information 3
Prerequisites for Configuring LISP 3
Restrictions for Configuring LISP 4
Information About Configuring LISP 4
LISP Functionality Overview 4
LISP Network Element Functions 5
LISP Alternative Logical Topology 5
LISP Egress Tunnel Router 6
LISP Ingress Tunnel Router (ITR) 6
LISP Map Resolver 6
LISP Map Server 7
LISP Proxy ETR 7
LISP Proxy ITR 7
Feature Information for LISP Overview 8
CHAPTER 3 Configuring LISP (Locator ID Separation Protocol) 11

Prerequsites for Configuring LISP 11
How to Configure LISP 12
Configure a Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID 12
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4
EID 17
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and Both an IPv4
and an IPv6 EID 22
Configure a Multihomed LISP Site with Two xTRs that Each have Both an IPv4 and an IPv6
RLOC and Both an IPv4 and an IPv6 EID 32

iii
Contents
Configure a Private LISP Mapping System Using a Standalone Map Resolver/Map

Server 42
Configure a Public Mapping System Using Separate ALT-Connected Map Resolver and
Map Server Devices 49
Configuring an ALT-Connected LISP Map Resolver 49
Configuring an ALT-Connected LISP Map Server 57
Configure a PETR and a PITR 68
Deploying a Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC 68
Deploying a Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC 72
Verify and Troubleshoot Locator ID Separation Protocol 82
Additional References 88
Feature Information for LISP 90
CHAPTER 4 LISP Multicast 91

Prerequisites for LISP Multicast 91
Restrictions for LISP Multicast 92
Information About LISP Multicast 92
How to Configure LISP Multicast 93
Configuring LISP Multicast 93
Configuring LISP Multicast in VRFs 95
Verifying LISP Multicast 98
Configuration Examples for LISP Multicast 100
Example: Configuring LISP Multicast 100
Example: Configuring LISP Multicast in VRFs 105
Additional References for LISP Multicast 106
Feature Information for LISP Multicast 107
CHAPTER 5 LISP Shared Model Virtualization 109

Information About LISP Shared Model Virtualization 110
Overview of LISP Virtualization 110
LISP Shared Model Virtualization 113
LISP Shared Model Virtualization Architecture 113
LISP Shared Model Virtualization Implementation Considerations and Caveats 115

iv
Contents
How to Configure LISP Shared Model Virtualization 115

Configure Simple LISP Shared Model Virtualization 115
Configuring a Private LISP Mapping System for LISP Shared Model Virtualization 122
Configure Large-Scale LISP Shared Model Virtualization 125
Configure a Remote Site for Large-Scale LISP Shared Model Virtualization 135
Verifying and Troubleshooting LISP Virtualization 140
Configuration Examples for LISP Shared Model Virtualization 146
Feature Information for LISP Shared Model Virtualization 148
CHAPTER 6 LISP Parallel Model Virtualization 151

Information About LISP Parallel Model Virtualization 151
Overview of LISP Virtualization 151
LISP Parallel Model Virtualization 154
LISP Parallel Model Virtualization Architecture 155
LISP Parallel Model Virtualization Implementation Considerations and Caveats 156
How to Configure LISP Parallel Model Virtualization 156
Configure Simple LISP Parallel Model Virtualization 156
Configuring a Private LISP Mapping System for LISP Parallel Model Virtualization 163
Verifying and Troubleshooting LISP Virtualization 168
Configuration Examples for LISP Parallel Model Virtualization 174
Feature Information for LISP Parallel Model Virtualization 176
CHAPTER 7 LISP Host Mobility Across Subnet 179

Information About LISP Host Mobility Across Subnet 179
Overview of LISP Host Mobility Across Subnet 179
CHAPTER 8 LISP Delegate Database Tree (DDT) 181

Information About Delegate Database Tree (DDT) 181
Overview of LISP Delegate Database Tree (DDT) 181

v
Contents
CHAPTER 9 LISP ESM Multihop Mobility 183

Restrictions for LISP ESM Multihop Mobility 183
Information About LISP ESM Multihop Mobility 184
LISP ESM Multihop Mobility Overview 184
How to Configure LISP ESM Multihop Mobility 186
Configuring First-Hop Router 186
Configuring Site Gateway xTR 189
Configuring xTR 193
Configuring Map Server Map Resolver 195
Configuration Examples for LISP ESM Multihop Mobility 197
Example: First-Hop Router Configuration 197
Example: Site Gateway xTR Configuration 198
Example: xTR Configuration 198
Example: Map Server Map Resolver Configuration 198
Additional References for LISP ESM Multihop Mobility 199
Feature Information for LISP ESM Multihop Mobility 199
CHAPTER 10 LISP Support for Disjoint RLOC Domains 201

Prerequisites for LISP Support for Disjoint RLOC Domains 202
Restrictions for LISP Support for Disjoint RLOC Domains 202
Information About LISP Support for Disjoint RLOC Domains 202
LISP Support for Disjoint RLOC Domains Overview 202
How to configure LISP Support for Disjoint RLOC Domains 205
Configuring xTR 205
Configuring MSMR 210
Configuring RTR 214
Verifying LISP Support for Disjoint RLOC Domains 218
Configuration Examples for LISP Support for Disjoint RLOC Domains 219
Example: Configuring xTR 219
Example: Configuring MSMR 220
Example: Configuring RTR 221
Example: Verifying LISP Support for Disjoint RLOC Domains 221

vi
Contents
Additional References for LISP Support for Disjoint RLOC Domains 223
Feature Information for LISP Support for Disjoint RLOC Domains 224
CHAPTER 11 LISP Data Plane Security 225

Prerequisites for LISP Data Plane Security 226
Restrictions for LISP Data Plane Security 226
Information About LISP Data Plane Security 226
Source RLOC Decapsulation Filtering 226
TCP-based Sessions for LISP Packet Transport 228
How to Configure LISP Data Plane Security 228
Configuring MSMR 228
Configuring the xTRs 230
Configuring PxTR 232
Verifying LISP Data Plane Security On a Map-Server 233
Verifying and Troubleshooting LISP Data Plane Security on an xTR or PxTR 234
Configuration Examples for LISP Data Plane Security 235
Example: Configuring MSMR 235
Example: Configuring the xTRs 235
Example: Configuring PxTR 236
Additional References for LISP Data Plane Security 236
Feature Information for LISP Data Plane Security 237
CHAPTER 12 LISP Reliable Registration 239

Information About LISP Reliable Registration 240
LISP Reliable Map Registration 240
Verifying the LISP Reliable Registration 241
Additional References for LISP Reliable Registration 243
Feature Information for LISP Reliable Registration 244
CHAPTER 13 Overlapping Prefix 245

Prerequisites for Overlapping Prefix 245
Information About Overlapping Prefix 245
Endpoint ID (EID) 245
EID-Prefix 245

vii
Contents
Map Server/Map Resolver (MS/MR) 246

How to Configure Overlapping Prefix 246
Configuring Overlapping Prefix 246
Verifying Overlapping Prefix 246
Additional References for Overlapping Prefix 247
Feature Information for Overlapping Prefix 248
CHAPTER 14 LISP Generalized SMR 249

Information About LISP Generalized SMR 249
Solicit-Map-Request (SMR) 249
Generalized SMR (GSMR) 249
Verifying LISP Generalized SMR 250
Additional References for LISP Reliable Registration 252
Feature Information for LISP Generalized SMR 253
CHAPTER 15 TTL Propagate Disable and Site-ID Qualification 255

Information About TTL Propagate Disable and Site-ID Qualification 255
LISP Site 255
Map Server (MS) 255
Routing Locator (RLOC) 255
Traceroute Tool 256
Site ID Qualification 256
TTL Propagation 257
How to Configure Site ID Qualification 258
Configuring Site ID Qualification 258
Example: Site ID Qualification 258
How to Disable TTL Propagation 259
Disabling TTL Propagation for EID-Table 259
Disabling TTL Propagation for Router LISP Tag 259
Verifying TTL Propagate Disable 259
Additional References for TTl Propagate Disable and Site-ID Qualification 261
Feature Information for TTL Propagate Disable and Site-ID Qualification 262
CHAPTER 16 DNA SA Border Node Support 263


viii
Contents
Restrictions for DNA SA Border Node Support 263

Information About DNA SA Border Node Support 264
Enabling VxLAN Encapsulation for LISP Control Plane 264
Configuring Border Node as LISP PxTR 265
Configuring Border Node as LISP xTR 266
Security Group Tag (SGT) Propagation 267
Configuration Example: Border Node as LISP PxTR 267
Configuration Example: Border Node as LISP xTR 271
Feature Information for DNA SA Border Node Support 273

ix
Contents

x
CHAPTER 1
Read Me First
Important Information about Cisco IOS XE 16
Effective Cisco IOS XE Release 3.7.0E (for Catalyst Switching) and Cisco IOS XE Release 3.17S (for
Access and Edge Routing) the two releases evolve (merge) into a single version of converged release—the
Cisco IOS XE 16—providing one release covering the extensive range of access and edge products in the
Switching and Routing portfolio.
Feature Information
Use Cisco Feature Navigator to find information about feature support, platform support, and Cisco software
image support. An account on Cisco.com is not required.
Related References
• Cisco IOS Command References, All Releases
Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's
New in Cisco Product Documentation RSS feed. RSS feeds are a free service.

1
Read Me First

2
CHAPTER 2
Locator ID Separation Protocol (LISP) Overview
Locator ID Separation Protocol (LISP) is a network architecture and protocol that implements the use of
two namespaces instead of a single IP address:
• Endpoint identifiers (EIDs)—assigned to end hosts.
• Routing locators (RLOCs)—assigned to devices (primarily routers) that make up the global routing
system.
Splitting EID and RLOC functions yields several advantages including improved routing system scalability,
and improved multihoming efficiency and ingress traffic engineering.
LISP functionality requires LISP-specific configuration of one or more LISP-related devices, such as the
LISP egress tunnel router (ETR), ingress tunnel router (ITR), proxy ETR (PETR), proxy ITR (PITR), map
resolver (MR), map server (MS), and LISP alternative logical topology (ALT) device.
• Finding Feature Information, page 3

• Prerequisites for Configuring LISP, page 3
• Restrictions for Configuring LISP, page 4
• Information About Configuring LISP, page 4
Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring LISP

Before you can configure Locator/ID Separation Protocol (LISP), you will need to determine the type of LISP
deployment you intend to deploy. The LISP deployment defines the necessary functionality of LISP devices,

3
Restrictions for Configuring LISP
which, in turn, determines the hardware, software, and additional support from LISP mapping services and
proxy services that are required to complete the deployment.
LISP configuration requires the datak9 license.
Restrictions for Configuring LISP

LISP is not supported on Tunnels.
Information About Configuring LISP
LISP Functionality Overview

Problem
The continuous growth of the Internet presents a number of challenges. Among the most fundamental of these
challenges is ensuring that the routing and addressing system continues to function efficiently even as the
number of connected devices continues to increase. A basic observation during early network research and
development work was that the single IP address, which includes both identity and location, leads to suboptimal
route scaling and hinders multihoming and device mobility.
Solution
Locator ID Separation Protocol (LISP) provides improved routing scalability and facilitates flexible address
assignment for multi-homing, provider independence, mobility, and virtualization. LISP offers an alternative
to traditional Internet architecture by introducing two separate IP addresses: one to indicate routing locators
(RLOCs) for routing traffic through the global Internet and a second address for endpoint identifiers (EIDs)
used to identify network sessions between devices.

4
LISP Network Element Functions
The figure below displays a general overview illustration of a LISP deployment environment, including the
three essential environments that exist in a LISP environment: LISP sites (EID namespace), non-LISP sites
(RLOC namespace), and LISP mapping service (infrastructure).
Figure 1: LISP Deployment Environment
As illustrated in the figure, the LISP EID namespace represents customer end sites in the same way that end
sites are defined in non-LISP environments with one difference: The IP addresses used within these LISP
sites are not advertised within the non-LISP Internet (RLOC namespace). Instead, end-customer LISP
functionality is deployed exclusively on customer endpoint routers, which perform both the egress tunnel
router (ETR) and ingress tunnel router (ITR) functions of a LISP device (abbreviated as xTR in the figure).
To fully implement LISP with support for mapping services and Internet interworking may require additional
LISP infrastructure components as part of the deployment. As displayed in the figure above, these additional
LISP infrastructure components include devices that function in the LISP roles of map resolver (MR), map
server (MS), proxy egress tunnel router (PETR), proxy ingress tunnel router (PITR), and LISP alternative
logical topology (ALT) device.

The LISP architecture defines seven LISP-specific network infrastructure components. In some cases, a single
physical device can implement more than one of these logical components. For more information, refer to the
descriptions of the LISP components described in the following sections:
LISP Alternative Logical Topology

An alternative logical topology (ALT) device (not present in all mapping database deployments) connects
through generic routing encapsulation (GRE) tunnels and border gateway protocol (BGP) sessions, map
resolvers, map servers, and other ALT routers. The only purpose of ALT routers is to accept EID (Endpoint
IDentifier) prefixes advertised by devices that form a hierarchically distinct part of the EID numbering space
and then advertise an aggregated EID prefix that represents that distinct space to other parts of the ALT. Just
as in the global Internet routing system, this aggregation is performed to reduce the number of prefixes that

5
need to be propagated throughout the entire network. An MS or combined MR/MS may also be configured
to perform the functions of an ALT router.
LISP Egress Tunnel Router

An ETR connects a site to the LISP-capable part of a core network (such as the Internet), publishes
EID-to-RLOC mappings for the site, responds to Map-Request messages, and decapsulates and delivers
LISP-encapsulated user data to end systems at the site. During operation, an ETR sends periodic Map-Register
messages to all its configured map servers. The Map-Register messages contain all the EID-to-RLOC entries
for the EID-numbered networks that are connected to the ETR’s site.
An ETR that receives a Map-Request message verifies that the request matches an EID for which it is
authoritative, constructs an appropriate Map-Reply message containing its configured mapping information,
and sends this message to the ingress tunnel router (ITR) whose RLOCs are listed in the Map-Request message.
An ETR that receives a LISP-encapsulated packet that is directed to one of its RLOCs decapsulates the packet,
verifies that the inner header is destined for an EID-numbered end system at its site, and then forwards the
packet to the end system using site-internal routing.
The ETR function is usually implemented in the customer premises equipment (CPE) router and does not
require hardware changes on software-switched platforms, such as a Cisco Integrated Services Router (ISR).
The same CPE router will often provide both ITR and ETR functions and, when doing so, is referred to as an
xTR.
LISP Ingress Tunnel Router (ITR)

An ITR is responsible for finding EID-to-RLOC mappings for all traffic destined for LISP-capable sites.
When the ITR receives a packet destined for an EID, it first looks for the EID in its mapping cache. If the ITR
finds a match, it encapsulates the packet inside a LISP header with one of its RLOCs as the IP source address
and one of the RLOCs from the mapping cache entry as the IP destination. The ITR then routes the packet
normally.
If no entry is found in the ITR's mapping cache, the ITR sends a Map-Request message to one of its configured
map resolvers and then discards the original packet. When the ITR receives a response to its Map-Request
message, it creates a new mapping cache entry with the contents of the Map-Reply message. When another
packet, such as a retransmission for the original and, now, discarded packet arrives, the new mapping cache
entry is used for encapsulation and forwarding.
Note Sometimes the Map-Reply message will indicate that the destination is not an EID. When this happens,
a negative mapping cache entry is created, which causes packets to either be discarded or forwarded
natively when the packets match that cache entry.
Like the ETR, an ITR is usually implemented in a LISP site’s customer premises equipment (CPE) router,
which is typically configured as an xTR (performs functions of both ETR and ITR components).
LISP Map Resolver

Like an MS, a LISP MR connects to the ALT. The function of the LISP MR is to accept encapsulated
Map-Request messages from ingress tunnel routers (ITRs), decapsulate those messages, and then forward the
messages to the MS responsible for the egress tunnel routers (ETRs) that are authoritative for the requested
EIDs.

6
When an MR is implemented concurrently with an MS in a private mapping system deployment, the concurrent
MS forwards the encapsulated Map-Request messages to the authoritative ETRs. When a LISP ALT is present
in the deployment, the MR forwards the Map-Request messages directly over the ALT to the MS responsible
for the ETRs that are authoritative for the requested EIDs. An MR also sends Negative Map-Replies to ITRs
in response to queries for non-LISP addresses.
LISP Map Server

An MS implements part of the distributed LISP mapping database by accepting registration requests from its
client egress tunnel routers (ETRs), aggregating the successfully registered EID prefixes of those ETRs, and
advertising the aggregated prefixes into the alternative logical topology (ALT) with border gateway protocol
(BGP).
In a small private mapping system deployment, an MS may be configured to stand alone (or there may be
several MSs) with all ETRs configured to register to each MS. If more than one, all MSs have full knowledge
of the mapping system in a private deployment.
In a larger or public mapping system deployment, an MS is configured with a partial mesh of generic routing
encapsulation (GRE) tunnels and BGP sessions to other map server systems or ALT routers. For these
deployments, ETRs need to register to only one MS (or a few if redundancy is desired) and an ALT device
is used to ensure that the entire LISP mapping system is available to all MS and MR devices.
Because an MS does not forward user data traffic—it handles only LISP control plane traffic—it does not
require high performance switching capability and is well suited for implementation on a general purpose
router, such as a Cisco Integrated Services Router (ISR). Both MS and MR functions are typically implemented
on the same device, which is referred to as an MR/MS device.
LISP Proxy ETR

A LISP PETR implements ETR functions on behalf of non-LISP sites. A PETR is typically used when a LISP
site needs to send traffic to non-LISP sites but the LISP site is connected through an access network of a
service provider that does not accept nonroutable EIDs as packet sources.
When dual-stacked, a PETR may also serve as a way for EIDs and RLOCs to communicate in a LISP site
that contains EIDs in one address family and RLOCs in a different address family. A dual-stacked PETR also
provides multiaddress family support for LISP EIDs within one address family to be able to communicate
with non-LISP destinations in the same address family over a core network within a different address family.
Example
A LISP site with IPv4-only RLOC connectivity can send IPv6 EIDs within an IPv4 LISP header across the
IPv4 Internet to a dual-stacked PETR where the packets are decapsulated and then forwarded natively to
non-LISP IPv6 Internet sites.
The PETR function is commonly configured on a device that also functions as a PITR. A device that functions
as both a PETR and a PITR is known as a PxTR. Additionally, a PETR carries LISP data plane traffic and
can be a high packet-rate device. To take advantage of this high packet-rate capability, deployments typically
include hardware-switched platforms or high-end Cisco Integrated Services Routers (ISRs).
LISP Proxy ITR

A LISP PITR implements ITR mapping database lookups and LISP encapsulation functions on behalf of
non-LISP-capable sites. PITRs are typically deployed near major Internet exchange points (IXPs) or in ISP
networks to allow non-LISP customers from those networks to connect to LISP sites. In addition to

7
Feature Information for LISP Overview
implementing ITR functionality, a PITR also advertises some or all of the non-routable EID prefix space to
the part of the non-LISP-capable Internet that it serves so that the non-LISP sites will route traffic toward the
PITR for encapsulation and forwarding to LISP sites.
Note PITR advertising of nonroutable EID prefix space is intended to be highly aggregated with many EID
prefixes represented by each prefix that is advertised by a PITR.
Like the PETR, when dual-stacked, the PITR also provides multiple-address family support. But the PITR
supports transport of non-LISP traffic from one address family to LISP sites in the same address family over
a core network within a different address family.
Example
A LISP site with IPv4-only RLOC connectivity can take advantage of a dual-stacked PITR to allow non-LISP
IPv6 Internet users to reach IPv6 EIDs across the IPv4 Internet.
The PITR function is commonly configured on a device that also functions as a PETR. A device that functions
as both a PETR and a PITR is known as a PxTR. Additionally, a PITR carries LISP data plane traffic and can
be a high packet-rate device. To take advantage of this high packet-rate capability, deployments typically
include hardware-switched platforms or high-end Cisco® Integrated Services Routers (ISRs).

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1: Feature Information for LISP Overview
Feature Name Releases Feature Information

LISP Overview 15.1(4)M The LISP Overview feature
provides a general overview of
Cisco IOS XE Release 3.3.0S
LISP and its components. The
following LISP components are
supported:
• Egress tunnel router (ETR)
• Ingress tunnel router (ITR)
• LISP alternative logical
topology (ALT) device
• Map resolver (MR)
• Map server (MS)
• Proxy ETR (PETR)
• Proxy ITR (PITR)

8

LISP, SHA-2 support for site 15.3(2)T LISP can be configured to use
registration SHA2-based HMAC algorithm for
Cisco IOS XE Release 3.9S
integrity-checking LISP site
registration messages. Prior to this
release, only SHA1-based HMAC
algorithm was supported.
The following commands were
modified:
• ipv4 etr map-server
• ipv6 etr map-server

9

10
CHAPTER 3
Configuring LISP (Locator ID Separation Protocol)
This guide describes how to configure basic Locator ID Separation Protocol (LISP) functionality on all
LISP-related devices, including the egress tunnel router (ETR), ingress tunnel router (ITR), proxy ETR
(PETR), proxy ITR (PITR), map resolver (MR), map server (MS), and LISP-ALT device.
LISP is a network architecture and protocol that implements the use of two namespaces instead of a single
IP address. These namespaces, known as endpoint identifiers (EIDs), are assigned to end-hosts and routing
locators (RLOCs), which are assigned to devices (primarily routers) that make up the global routing system.
Splitting EID and RLOC functions delivers improvements in routing system scalability, multi-homing
efficiency, and ingress traffic engineering.
• Prerequsites for Configuring LISP, page 11

• How to Configure LISP, page 12
• Additional References, page 88
• Feature Information for LISP, page 90
Prerequsites for Configuring LISP

• If a LISP xTR is also a First Hop Router (FH) or a Rendezvous Point (RP), then the xTR needs to have
at least one connected interface that is covered by a local LISP database mapping. Before an ITR forwards
traffic over LISP, it does a source check to ensure that the source address of the traffic stream is a local
EID (database mapping). Since PIM register and register-stop messages are sourced directly from the
router itself, to be forwarded over LISP, the messages must come from an interface covered by a database
mapping. A loopback or other connected interface is fine for this purpose. No additional configuration
is required to ensure the proper address is selected.
This prerequisite is not required on a Proxy xTR, which does not do a source check.

11
How to Configure LISP
How to Configure LISP
Configure a Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
Perform this task to configure a dual-homed LISP site with two IPv4 RLOCs and an IPv4 EID. In this task,
a LISP site uses a single edge router configured as both an ITR and an ETR (known as an xTR) with two
connections to upstream providers. Both of the RLOCs and the EID prefix are IPv4. The LISP site registers
to two map resolver/map server (MR/MS) devices in the network core. The topology used in this LISP
configuration is shown in the figure below.
Figure 2: Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
The components illustrated in the topology shown in the figure are described below:
• LISP site:
• The CPE functions as a LISP ITR and ETR (xTR).
• The LISP xTR is authoritative for the IPv4 EID prefix of 172.16.1.0/24.
• The LISP xTR has two RLOC connections to the core. The RLOC connection to SP1 is 10.1.1.2/30;
the RLOC connection to SP2 is 10.2.1.2/30.
• For this simple dual-homed configuration, the LISP site policy specifies equal load sharing between
service provider (SP) links for ingress traffic engineering.
• Mapping system:
• Two map resolver/map server (MR/MS) systems are assumed to be available for the LISP xTR to
configure. The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10.
• Mapping Services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of this LISP
site xTR, there is no difference.

12
Note Map server and map resolver configurations are not shown here. See the "Configure a
Private LISP Mapping System Using a Standalone Map Resolver/Map Server" section
for information about map server and map resolver configuration.
This task shows how to enable and configure LISP ITR and ETR (xTR) functionality when using a LISP map
server and map resolver for mapping services.
SUMMARY STEPS
1. configure terminal
2. router lisp
3. Do one of the following:
• database-mapping EID-prefix/prefix-length locator priority priority weight weight
• database-mapping EID-prefix/prefix-length ipv4-interface locator priority priority weight weight
4. Repeat one of the choices in Step 3 to configure a second RLOC.

5. ipv4 itr
6. ipv4 etr
7. ipv4 itr map-resolver map-resolver-address
8. ipv4 etr map-server map-server-address key key-type authentication-key
9. exit
10. ip route ipv4-prefix next-hop
11. exit
DETAILED STEPS
Command or Action Purpose

Step 1 configure terminal Enters global configuration mode.
Example:
Router# configure terminal
Step 2 router lisp Enters LISP configuration mode ( software only).
Example:
Router(config)# router lisp
Step 3 Do one of the following: Configures an EID-to-RLOC mapping relationship and its associated traffic
policy for this LISP site.
• database-mapping
EID-prefix/prefix-length locator • In this step example, a single EID prefix, 172.16.1.0/24, is being
priority priority weight weight associated with the single IPv4 RLOC 10.1.1.2 but the weight

13

• database-mapping argument of 50 signifies that a second database-mapping command
EID-prefix/prefix-length ipv4-interface is to be configured in the next step.
locator priority priority weight weight • In the second example, the configuration shows the use of the
dynamic interface form of the database-mapping command. This
form is useful when the RLOC address is obtained dynamically, such
Example: as via DHCP.
Router(config-router-lisp)#
database-mapping 172.16.1.0/24 10.1.1.2
priority 1 weight 50
Example:
database-mapping 172.16.1.0/24
ipv4-interface GigabitEthernet0/0/0
Step 4 Repeat one of the choices in Step 3 to —

configure a second RLOC.
Step 5 ipv4 itr Enables LISP ITR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 itr
Step 6 ipv4 etr Enables LISP ETR functionality for the IPv4 address family.
Example:
Router(config-router-lisp)# ipv4 etr
Step 7 ipv4 itr map-resolver map-resolver-address Configures the locator address of the LISP map resolver to which this
router will send Map-Request messages for IPv4 EID-to-RLOC mapping
Example: resolutions.
Router(config-router-lisp)# ipv4 itr • The locator address of the map resolver may be an IPv4 or IPv6
map-resolver 10.10.10.10 address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map resolver is reachable via its IPv4 locator
address. (See the LISP Command Reference for more details.)
Note Up to two map resolvers may be configured if multiple map

resolvers are available. (See the LISP Command Reference for
more details.)
Step 8 ipv4 etr map-server map-server-address key Configures the locator address of the LISP map server and the
key-type authentication-key authentication key that this router, acting as an IPv4 LISP ETR, will use
to register with the LISP mapping system.
Example: • The map server must be configured with EID prefixes matching those
Router(config-router-lisp)# ipv4 etr configured on this ETR and with an identical authentication key.
map-server 10.10.10.10 key 0 some-key

14

Note The locator address of the map server may be an IPv4 or IPv6
address. In this example, because each xTR has only IPv4 RLOC
connectivity, the map server is reachable via its IPv4 locator
address. (See the LISP Command Reference for more details.)
Note Up to two map servers may be configured if multiple map servers
are available. (See the LISP Command Reference for more details.)
Step 9 exit Exits LISP configuration mode and returns to global configuration mode.
Example:
Router(config-router-lisp)# exit
Step 10 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and non-LISP
Router(config)# ip route 0.0.0.0 sites are forwarded in one of two ways:
0.0.0.0 10.1.1.1
• LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP.
• Packets are deemed to be a candidate for LISP encapsulation when

they are sourced from a LISP EID and the destination matches one
of the following entries:
• a current map-cache entry
• a default route with a legitimate next-hop
• no route at all
In this configuration example, because the xTR has IPv4 RLOC

connectivity, a default route to the upstream SP is used for all IPv4 packets
to support LISP processing.
Step 11 exit Exits global configuration mode.
Example:
Router(config)# exit

15
Example:
Figure 3: Dual-Homed LISP Site with Two IPv4 RLOCs and an IPv4 EID
This example shows the complete configuration for the LISP topology illustrated in the figure above and in
this task.
hostname xTR
!
no ip domain lookup
ip cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
interface GigabitEthernet0/0/0
description Link to SP1 (RLOC)
ip address 10.1.1.2 255.255.255.252
!
ip address 10.2.1.2 255.255.255.252
!
description Link to Site (EID)
ip address 172.16.1.1 255.255.255.0
!
router lisp
database-mapping 172.16.1.0/24 10.1.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 itr map-resolver 10.10.10.10
ipv4 etr map-server 10.10.10.10 key 0 some-key
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 10.2.1.1

16
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4 EID
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and
an IPv4 EID
Perform this task to configure a multihomed LISP site with two xTRs, two IPv4 RLOCs, and an IPv4 EID.
In this task, a LISP site uses two edge routers. Each edge router is configured as an xTR (each performs as
both an ITR and an ETR) and each also includes a single IPv4 connection to an upstream provider. (Two
different providers are used in this example but the same upstream provider could be used for both connections.)
Both of the RLOCs and the EID prefix are IPv4. The LISP site registers to two map resolver/map server
(MR/MS) devices in the network core. The topology used in this typical multihomed LISP configuration is
shown in the figure below.
Figure 4: Typical Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4 EID
• LISP site:
• Two CPE routers make up the LISP site: xTR-1 and xTR-2.
• Both CPE routers function as LISP xTRs (that is, an ITR and an ETR).
• The LISP site is authoritative for the IPv4 EID prefix of 172.16.1.0/24.
• Each LISP xTR has a single IPv4 RLOC connection to the core: the RLOC connection for xTR-1
to SP1 is 10.1.1.2/30; the RLOC connection for xTR-2 to SP2 is 10.2.1.2/30.
• For this multihomed case, the LISP site policy specifies equal load-sharing between service provider
(SP) links for ingress traffic engineering.
• Mapping system:

17
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping
system or as a public LISP mapping system. From the perspective of the configuration of these
LISP site xTRs, there is no difference.
Perform the steps in this task (once through for each xTR in the LISP site) to enable and configure LISP ITR
and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. The
example configurations at the end of this task show the full configuration for configuring two xTRs (xTR1
and xTR2).
SUMMARY STEPS
2. router lisp
3. database-mapping EID-prefix/prefix-length locator priority priority weight weight
4. Repeat Step 3 to configure a second RLOC for the same xTR.
5. ipv4 itr
6. ipv4 etr
8. Repeat Step 7 to configure a second locator address for the map resolver.
10. Repeat Step 9 to configure a second locator address for the map server.
11. exit
13. exit
DETAILED STEPS

Example:

18

Example:
Step 3 database-mapping Configures an EID-to-RLOC mapping relationship and its associated traffic
EID-prefix/prefix-length locator priority policy for this LISP site.
priority weight weight
• In this step example, a single EID prefix, 172.16.1.0/24, is being
associated with a LISP site that contains two separate xTRs. Each xTR
Example: has a single IPv4 RLOC connection to the core. In this example, xTR-1
Router(config-router-lisp)# has an IPv4 RLOC connection to SP1 at 10.1.1.2 but the weight
database-mapping 172.16.1.0/24 argument of 50 signifies that a second database-mapping command
10.1.1.2 priority 1 weight 50
is to be configured in the next step.
Note Two database-mapping commands are required on each xTR to

indicate to the mapping system that this LISP site is reachable via
these two IPv4 RLOCs. In this example, one RLOC is local
(connected) to one xTR and the other is local (connected) to the
other xTR.
Step 4 Repeat Step 3 to configure a second RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
for the same xTR. policy for an xTR on this LISP site.
• In this step example, the second RLOC connection for xTR-1 has an
Example: IPv4 RLOC connection to SP2 (10.2.1.2).
database-mapping 172.16.1.0/24 Note When a LISP site contains multiple xTRs, all xTRs must be
configured with identical database-mapping commands to provide
the mapping system with consistent information about EID-to-RLOC
mappings.
Example:
Example:
Step 7 ipv4 itr map-resolver Configures a locator address for the LISP map resolver to which this router
map-resolver-address will send Map-Request messages for IPv4 EID-to-RLOC mapping resolutions.
• The locator address of the map resolver may be an IPv4 or IPv6 address.
Example: In this example, because each xTR has only IPv4 RLOC connectivity,
Router(config-router-lisp)# ipv4 itr the map resolver is reachable via its IPv4 locator address. (See the LISP
map-resolver 10.10.10.10 Command Reference for more details.)

19

Note Up to two map resolvers may be configured if multiple map resolvers
Step 8 Repeat Step 7 to configure a second locator Configures a second locator address for the LISP map resolver to which this
address for the map resolver. router will send Map-Request messages for IPv4 EID-to-RLOC mapping
resolutions.
Example:
map-resolver 10.10.30.10
Step 9 ipv4 etr map-server map-server-address Configures a locator address for the LISP map server and an authentication
key key-type authentication-key key that this router, acting as an IPv4 LISP ETR, will use to register with the
LISP mapping system.
Example: • In this example, each xTR must register to both map servers.
map-server 10.10.10.10 key 0 • The map server must be configured with EID prefixes matching those
some-key configured on this ETR and with an identical authentication key.
connectivity, the map server is reachable via its IPv4 locator address.
(See the LISP Command Reference for more details.)
Step 10 Repeat Step 9 to configure a second locator Configures a second locator address for the LISP map server and the
address for the map server. authentication key that this router will use to register with the LISP mapping
system.
Example:
map-server 10.10.30.10 key 0
some-key
Example:
Step 12 ip route ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4 destinations.
• All IPv4 EID-sourced packets destined to both LISP and non-LISP sites
Example: are forwarded in one of two ways:
Router(config)# ip route 0.0.0.0
0.0.0.0 10.1.1.1 • LISP-encapsulated to a LISP site when traffic is LISP-to-LISP
• natively forwarded when traffic is LISP-to-non-LISP
• Packets are deemed to be a candidate for LISP encapsulation when they

are sourced from a LISP EID and the destination matches one of the
following entries:

20

• no route at all
In this configuration example, because the xTR has IPv4 RLOC connectivity,
a default route to the upstream SP is used for all IPv4 packets to support LISP
processing.
Example:
Example:
Figure 5: Typical Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and an IPv4 EID
The examples below show the complete configuration for the LISP topology illustrated in the figure above
and in this task:
Example configuration for xTR-1:
!
hostname xTR-1
!
no ip domain lookup

21
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and Both an IPv4 and an IPv6 EID
ip cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
ip address 10.1.1.2 255.255.255.252
!
ip address 172.16.1.2 255.255.255.0
!
router lisp
ipv4 itr
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
hostname xTR-2
!
no ip domain lookup
ip cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
ip address 10.2.1.2 255.255.255.252
!
ip address 172.16.1.3 255.255.255.0
!
router lisp
ipv4 itr
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
Configure a Multihomed LISP Site with Two xTRs and Two IPv4 RLOCs and
Both an IPv4 and an IPv6 EID
Perform this task to configure a multihomed LISP site with two xTRs, two IPv4 RLOCs, and both an IPv4
and an IPv6 EID. In this task, a LISP site uses two edge routers. Each edge router is configured as an xTR

22
(each performs as both an ITR and an ETR) and each also includes a single IPv4 connection to an upstream
provider. (Two different providers are used in this example but the same upstream provider could be used for
both connections.) Both of the RLOCs and one of the EIDs are IPv4. However, in this example, the LISP site
includes an IPv6 EID, as well.
This LISP site requires the use of Proxy Ingress/Egress Tunnel Router (PxTR) LISP infrastructure for access
to non-LISP IPv6 addresses. That is, the LISP site uses only its IPv4 RLOCs to reach IPv6 LISP and non-LISP
addresses. Additionally, this LISP site registers to two map resolver/map server (MR/MS) devices in the
network core. The topology used in this multihomed LISP configuration is shown in the figure below.
Figure 6: Multihomed LISP Site with Two xTRs, Two IPv4 RLOCs, and Both an IPv4 and an IPv6 EID
• LISP site:
• The LISP site is authoritative for both the IPv4 EID prefix of 172.16.1.0/24 and the IPv6 EID
prefix 2001:db8:a::/48.
• Each LISP xTR has a single RLOC connection to the core: the RLOC connection for xTR-1 to
SP1 is 10.1.1.2/30; the RLOC connection for xTR-2 to SP2 is 10.2.1.2/30.
• Mapping system:

23
• PxTR services are also assumed to be provided as part of this LISP solution via a private or public
mapping system. From the perspective of the configuration of these LISP site xTRs, there is no
difference.
• The PxTRs have IPv4 RLOCs of 10.10.10.11 and 10.10.30.11 and will be used (as PETRs) for
LISP IPv6 EIDs to reach non-LISP IPv6 sites. Return traffic is attracted by the PITR function
(with the assumption that the PITR advertises coarse aggregates for IPv6 LISP EIDs into the IPv6
core.)
and ETR (xTR) functionality when using a LISP map server and map resolver for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (xTR1 and xTR2).

24
SUMMARY STEPS
2. router lisp
4. Repeat Step 3 to configure a second RLOC (10.2.1.2) for the same xTR and IPv4 EID prefix.
5. Repeat Step 3 and Step 4 to configure the same RLOC connections, again, for the same xTR but, when
repeating these two steps, associate the IPv6 EID prefix, 2001:db8:a::/48, instead of the IPv4 EID prefix.
6. ipv4 itr
7. ipv4 etr
9. Repeat Step 8 to configure a second locator address of the map resolver.
12. ipv6 itr
13. ipv6 etr
15. Repeat Step 14 to configure a second locator address for the map resolver.
18. ipv6 use-petr petr-address
19. Repeat Step 18 to configure a second locator address for the PETR.
20. exit
22. exit
DETAILED STEPS

Example:
Example:
Step 3 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated traffic
locator priority priority weight weight policy for this LISP site.

25

• In steps 3, 4, and 5 of this example, an IPv4 EID prefix, 172.16.1.0/24,
Example: and an IPv6 prefix, 2001:db8:a::/48, are being associated with a LISP
site that contains two separate xTRs that each have a single IPv4 RLOC
Router(config-router-lisp)# connection to the core. In this first step example, xTR-1 is configured
10.1.1.2 priority 1 weight 50 with an IPv4 RLOC connection to SP1 at 10.1.1.2 but the weight
argument of 50 signifies that a second database-mapping command
is to be configured in the next step.
Note Four database-mapping commands are required for each xTR to

indicate to the mapping system that both the associated IPv4 and
IPv6 EID prefixes are reachable at this LISP site via these two IPv4
RLOCs. In this example, one RLOC is local (connected) to one
xTR and the other is local (connected) to the other xTR.
Step 4 Repeat Step 3 to configure a second RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
(10.2.1.2) for the same xTR and IPv4 EID policy for an xTR on this LISP site.
prefix.
• In this step example, the second RLOC connection for xTR-1 has an
IPv4 RLOC connection to SP2 (10.2.1.2).
Example:
Router(config-router-lisp)# Note When a LISP site contains multiple xTRs, all xTRs must be
database-mapping 172.16.1.0/24 configured with identical database-mapping commands to provide
the mapping system with consistent information about EID-to-RLOC
mappings.
Step 5 Repeat Step 3 and Step 4 to configure the —
same RLOC connections, again, for the
same xTR but, when repeating these two
steps, associate the IPv6 EID prefix,
2001:db8:a::/48, instead of the IPv4 EID
prefix.
Example:
Example:
map-resolver-address will send Map-Request messages for IPv4 EID-to-RLOC mapping
resolutions.
Example: • The locator address of the map resolver may be an IPv4 or IPv6 address.
Router(config-router-lisp)# ipv4 itr In this example, because each xTR has only IPv4 RLOC connectivity,
map-resolver 10.10.10.10 the map resolver is reachable via its IPv4 locator address. (See the LISP
Command Reference for more details.)

26

resolvers are available. (See the LISP Command Reference for more
details.)
address of the map resolver. router will send Map-Request messages for IPv4 EID-to-RLOC mapping
resolutions.
Example:
key key-type authentication-key key that this router, acting as an IPv4 LISP ETR, will use to register with
the LISP mapping system.
Step 11 Repeat Step 10 to configure a second locator Configures a second locator address for the LISP map server and the
address for the map server. authentication key that this router will use to register with the LISP mapping
system.
Example:
some-key
Example:
Example:

27

map-resolver-address will send Map-Request messages for IPv6 EID-to-RLOC mapping
resolutions.
Example: • The locator address of the map resolver may be an IPv4 or IPv6 address.
Router(config-router-lisp)# ipv6 itr In this example, because each xTR has only IPv4 RLOC connectivity,
map-resolver 10.10.10.10 the map resolver is reachable via its IPv4 locator address. (See the LISP
Command Reference for more details.)

resolvers are available. (See the LISP Command Reference for more
details.)
address for the map resolver. router will send Map-Request messages for IPv4 EID-to-RLOC mapping
resolutions.
Example:
key key-type authentication-key key that this router, acting as an IPv6 LISP ETR, will use to register to the
Step 17 Repeat Step 16 to configure a second locator Configures a second locator address for the LISP map server and an
address for the map server. authentication key that this router, acting as an IPv6 LISP ETR, will use to
register with the LISP mapping system.
Example:
some-key
Step 18 ipv6 use-petr petr-address Configures a locator address for the Proxy Egress Tunnel Router (PETR) to
which each xTR will forward LISP-encapsulated IPv6 EIDs (using the xTR's
Example: IPv4 RLOC) to reach non-LISP IPv6 addresses.
Router(config-router-lisp)# ipv6
use-petr 10.10.10.11

28

Note The PETR is assumed to be dual-stacked and capable of natively
reaching the non-LISP IPv6 address. In addition, the PITR is
assumed to be dual-stacked and to be advertising coarse aggregates
for IPv6 LISP EIDs into the IPv6 core to handle return traffic
(non-LISP IPv6 to LISP IPv6 over an IPv4 infrastructure).
Note The locator address of the PETR may be an IPv4 or IPv6 address.
In this example, because each xTR has only IPv4 RLOC
connectivity, the PETR is reachable via its IPv4 locator address.
Note Up to eight PETRs may be configured if multiple PETRs are
available. (See the LISP Command Reference for more details.)
Step 19 Repeat Step 18 to configure a second locator Configures a second locator address for the PETR to which each xTR will
address for the PETR. forward LISP-encapsulated IPv6 EIDs (using the xTR's IPv4 RLOC) to
reach non-LISP IPv6 addresses.
Example:
use-petr 10.10.30.11
Example:
• All IPv4 EID-sourced packets destined to both LISP and non-LISP
Example: sites are forwarded in one of two ways:

they are sourced from a LISP EID and the destination matches one of
the following entries:
• no route at all
a default route to the upstream SP is used for all IPv4 packets to support
LISP processing.

29

Example:
Example:
Figure 7: Multihomed LISP Site with Two xTRs, Two IPv4 RLOCs, and Both an IPv4 and an IPv6 EID
and in this task:
!
hostname xTR-1
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255
!
interface LISP0
!
ip address 10.1.1.2 255.255.255.252

30
!
ip address 172.16.1.2 255.255.255.0
ipv6 address 2001:db8:a:1::2/64
!
router lisp
database-mapping 2001:db8:a::/48 10.1.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
ipv6 use-petr 10.10.10.11
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
ipv6 route ::/0
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
ip address 10.2.1.2 255.255.255.252
!
ip address 172.16.1.3 255.255.255.0
!
router lisp
ipv4 itr
ipv4 etr
ipv4 etr map-server 10.10.10.10 key 0 some-xtr-key
ipv6 itr
ipv6 etr

31
Configure a Multihomed LISP Site with Two xTRs that Each have Both an IPv4 and an IPv6 RLOC and Both an IPv4
and an IPv6 EID
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
!
ipv6 route ::/0
Configure a Multihomed LISP Site with Two xTRs that Each have Both an IPv4
and an IPv6 RLOC and Both an IPv4 and an IPv6 EID
Perform this task to configure a multihomed LISP site with two xTRs, each with both an IPv4 and an IPv6
RLOC and both with an IPv4 and an IPv6 EID. In this task, a LISP site uses two edge routers. Each edge
router is configured as an xTR (each performs as both an ITR and an ETR) and each also includes a single,
dual stack (IPv4 and IPv6) connection to an upstream provider. (Two different providers are used in this
example but the same upstream provider could be used for both connections.) Each xTR has an IPv4 RLOC
and an IPv6 RLOC and both IPv4 and IPv6 EID prefixes are being used within the LISP site. However,
because the site has both IPv4 and IPv6 RLOCs, it does not require a Proxy Ingress/Egress Tunnel Router
(PxTR) LISP infrastructure for access to non-LISP IPv6 addresses. (The PxTR infrastructure can still be
configured as a resiliency mechanism if desired.)
The LISP site registers to two map resolver/map server (MR/MS) devices in the network core using both IPv4
and IPv6 locators. The topology used in this multihomed LISP configuration is shown in the figure below.
Figure 8: Multihomed LISP Site with Two xTRs, Each with an IPv4 and an IPv6 RLOC and each with an IPv4 and an IPv6
EID
• LISP site:

32
and an IPv6 EID
• The LISP site is authoritative for both the IPv4 EID prefix of 172.16.1.0/24 and the IPv6 EID
prefix 2001:db8:a::/48.
• Each LISP xTR has a single IPv4 RLOC connection and a single IPv6 RLOC connection to the
core: the RLOC connections for xTR-1 to SP1 include an IPv4 RLOC, 10.1.1.2/30, and an IPv6
RLOC, 2001:db8:e000:1::2/64. The xTR-2 connections to SP2 include IPv4 RLOC 10.2.1.2/30
and IPv6 RLOC 2001:db8:f000:1::2/64.
• Mapping system:
• Two map resolver/map server systems are assumed to be available for the LISP xTR to configure.
The MR/MSs have IPv4 RLOCs 10.10.10.10 and 10.10.30.10 and IPv6 RLOCs 2001:db8:e000:2::1
and 2001:db8:f000:2::1.
Note Map resolver and map server configurations are not shown here. See the "Configure a
for information about map resolver and map server configuration.
• PxTR services are not required in this example since both xTRs have dual-stack connectivity to
the core.
and ETR (xTR) functionality when using a LISP map resolver and map server for mapping services. The

33
and an IPv6 EID
SUMMARY STEPS
2. router lisp
4. Repeat Step 3 to configure a second IPv4 RLOC for the same xTR and IPv4 EID prefix.
5. Repeat Step 3 and Step 4 to configure the same RLOC connections, again, for the same xTR but, when
repeating these two steps, associate the IPv6 EID prefix, 2001:db8:a::/48, instead of the IPv4 EID prefix.
6. Repeat Step 3, Step 4, and Step 5 to configure the second set of IPv4 and IPv6 RLOC connections on the
same xTR for both the IPv4 and IPv6 EID prefixes.
7. ipv4 itr
8. ipv4 etr
10. Repeat Step 9 to configure a second locator address of the LISP map resolver.
11. Repeat Step 9 and Step 10 to configure the IPv6 locator addresses of the LISP two map resolvers.
13. Repeat Step 12 to configure a second locator address of the map server.
14. Repeat Step 12 and Step 13 to configure the IPv6 locator addresses of the two map servers.
15. ipv6 itr
16. ipv6 etr
18. Repeat Step 17 to configure a second IPv6 locator address of the LISP map resolver.
19. Repeat Step 17 and Step18 to configure the IPv6 (instead of IPv4) locator addresses for the two map
resolvers to which this router will send Map-Request messages for IPv6 EID-to-RLOC mapping resolutions.
21. Repeat Step 20 to configure a second locator address of the LISP map server.
22. Repeat Steps 20 and 21 to configure the IPv6 locator addresses of the two map servers for which this
router, acting as an IPv6 LISP ETR, will use to register to the LISP mapping system.
23. exit
25. exit
DETAILED STEPS

Example:

34
and an IPv6 EID

Example:
Step 3 database-mapping EID-prefix/prefix-length Configures an EID-to-RLOC mapping relationship and its associated
locator priority priority weight weight traffic policy for this LISP site.
• In this example, a single IPv4 EID prefix, 172.16.1.0/24, and a
Example: single IPv6 prefix, 2001:db8:a::/48, are being associated with a
Router(config-router-lisp)# LISP site that contains two separate xTRs that each have a single
database-mapping 172.16.1.0/24 10.1.1.2 IPv4 RLOC connection and a single IPv6 connection to the core.
In this first database-mapping step example, xTR-1 is configured
with an IPv4 RLOC connection to SP1 (10.1.1.2) and an IPv6
RLOC connection to SP1 (2001:db8:e000:1::2/64.) while xTR-2
has an IPv4 RLOC connection of10.2.1.2 to SP2 and an IPv6
RLOC connection of 2001:db8:f000:1::2/64 to SP2. The weight
argument of 50 signifies that a second database-mapping
command is to be configured in the next step.
Note Eight database-mapping commands are required for each

xTR to indicate to the mapping system that both the IPv4
and IPv6 EID prefixes are reachable at this LISP site via both
the two IPv4 RLOCs and the two IPv6 RLOCs. In this
example, one IPv4 RLOC and one IPv6 RLOC are local
(connected) to one xTR and the others are local (connected)
to the other xTR.
Step 4 Repeat Step 3 to configure a second IPv4 RLOC Configures an EID-to-RLOC mapping relationship and its associated
for the same xTR and IPv4 EID prefix. traffic policy for an xTR on this LISP site.
• In this step example, the second RLOC connection for xTR-1
Example: has an IPv4 RLOC connection to SP2 (10.2.1.2).
database-mapping 172.16.1.0/24 10.2.1.2 Note When a LISP site contains multiple xTRs, all xTRs must be
configured with identical database-mapping commands to
provide the mapping system with consistent information
about EID-to-RLOC mappings.
Step 5 Repeat Step 3 and Step 4 to configure the same —
RLOC connections, again, for the same xTR but,
when repeating these two steps, associate the IPv6
EID prefix, 2001:db8:a::/48, instead of the IPv4
EID prefix.
Example:
database-mapping 2001:db8:a::/48 10.1.1.2

35
and an IPv6 EID
Example:
database-mapping 2001:db8:a::/48 10.2.1.2
Step 6 Repeat Step 3, Step 4, and Step 5 to configure the —

second set of IPv4 and IPv6 RLOC connections
on the same xTR for both the IPv4 and IPv6 EID
prefixes.
Example:
Example:
Step 9 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this
router will send Map-Request messages for IPv4 EID-to-RLOC
Example: mapping resolutions.
map-resolver 10.10.10.10 address. In this example, because each xTR has both IPv4 and
IPv6 RLOC connectivity, the map resolver is reachable via both
IPv4 and IPv6 locator addresses. (See the LISP Command
Reference for more details.)

resolvers are available. (See the LISP Command Reference
for more details.)
Step 10 Repeat Step 9 to configure a second locator address Configures a second locator address for the LISP map resolver to
of the LISP map resolver. which this router will send Map-Request messages for IPv4
EID-to-RLOC mapping resolutions.
Example:
Step 11 Repeat Step 9 and Step 10 to configure the IPv6 —

locator addresses of the LISP two map resolvers.

36
and an IPv6 EID

Step 12 ipv4 etr map-server map-server-address key Configures a locator address for the LISP map server and an
key-type authentication-key authentication key that this router, acting as an IPv4 LISP ETR, will
use to register with the LISP mapping system.
Example: • In this example, a second xTR can be registered to the same two
Router(config-router-lisp)# ipv4 etr map servers using the same authentication key.
• The map server must be configured with EID prefixes matching
those configured on this ETR and with an identical authentication
key.
Note The locator address of the map server may be an IPv4 or

IPv6 address. In this example, because each xTR has both
IPv4 and IPv6 RLOC connectivity, the map server is
reachable via both IPv4 and IPv6 locator addresses. (See the
LISP Command Reference for more details.)
Note Up to two map servers may be configured if multiple map
servers are available. (See the LISP Command Reference for
more details.)
Step 13 Repeat Step 12 to configure a second locator Configures a second IPv4 locator address of the LISP map server and
address of the map server. the authentication key that this router, acting as an IPv4 LISP ETR,
will use to register with the LISP mapping system.
Example:
Step 14 Repeat Step 12 and Step 13 to configure the IPv6 —

locator addresses of the two map servers.
Example:
ipv4 etr map-server 2001:db8:e000:2::1 key
0 some-xtr-key
Example:
ipv4 etr map-server 2001:db8:f000:2::1 key
0 some-xtr-key
Example:
Example:

37
and an IPv6 EID

router will send Map-Request messages for IPv6 EID-to-RLOC
Example: mapping resolutions.
map-resolver 10.10.10.10 address. In this example, because each xTR has both IPv4 and
IPv6 RLOC connectivity, the map resolver is reachable via both
IPv4 and IPv6 locator addresses. (See the LISP Command
Reference for more details.)

resolvers are available. (See the LISP Command Reference
for more details.)
Step 18 Repeat Step 17 to configure a second IPv6 locator Configures a second locator address of the map resolver to which this
address of the LISP map resolver. router will send Map-Request messages for IPv6 EID-to-RLOC
mapping resolutions.
Example:
Step 19 Repeat Step 17 and Step18 to configure the IPv6 —

(instead of IPv4) locator addresses for the two map
resolvers to which this router will send
Map-Request messages for IPv6 EID-to-RLOC
mapping resolutions.
Example:
ipv6 itr map-resolver 2001:db8:e000:2::1
Example:
ipv6 itr map-resolver 2001:db8:f000:2::1
Step 20 ipv6 etr map-server map-server-address key Configures a locator address for the LISP map server and an
key-type authentication-key authentication key that this router, acting as an IPv6 LISP ETR, will
use to register to the LISP mapping system.
Example: • In this example, a second xTR can be registered to the same two
Router(config-router-lisp)# ipv6 etr map servers using the same authentication key.
• The map server must be configured with EID prefixes matching
those configured on this ETR and with an identical authentication
key.
Note The locator address of the map server may be an IPv4 or

IPv6 address. In this example, because each xTR has both
IPv4 and IPv6 RLOC connectivity, the map server is
reachable via both IPv4 and IPv6 locator addresses. (See the
LISP Command Reference for more details.)

38
and an IPv6 EID

Note Up to two map servers may be configured if multiple map
servers are available. (See the LISP Command Reference for
more details.)
Step 21 Repeat Step 20 to configure a second locator Configures a second locator address for the LISP map server and an
address of the LISP map server. authentication key that this router, acting as an IPv6 LISP ETR, will
use to register with the LISP mapping system.
Example:
Step 22 Repeat Steps 20 and 21 to configure the IPv6 —

locator addresses of the two map servers for which
this router, acting as an IPv6 LISP ETR, will use
to register to the LISP mapping system.
Example:
ipv6 etr map-server 2001:db8:e000:2::1 key
0 some-xtr-key
Example:
ipv6 etr map-server 2001:db8:f000:2::1 key
0 some-xtr-key
Step 23 exit Exits LISP configuration mode and returns to global configuration
mode.
Example:
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and
Router(config)# ip route 0.0.0.0 0.0.0.0 non-LISP sites are forwarded in one of two ways:
10.1.1.1
• LISP-encapsulated to a LISP site when traffic is
LISP-to-LISP
• Packets are deemed to be a candidate for LISP encapsulation

when they are sourced from a LISP EID and the destination
matches one of the following entries:
• no route at all

39
and an IPv6 EID

connectivity, a default route to the upstream SP is used for all IPv4
packets to support LISP processing.
Example:
Example:
Figure 9: Multihomed LISP Site with Two xTRs, Each with an IPv4 and an IPv6 RLOC and each with an IPv4 and an IPv6
EID
and in this task:
!
hostname xTR-1
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
ip address 172.17.1.1 255.255.255.255

40
and an IPv6 EID
!
interface LISP0
!
ip address 10.1.1.2 255.255.255.252
ipv6 address 2001:db8:e000:1::2/64
!
ip address 172.16.1.2 255.255.255.0
!
router lisp
database-mapping 172.16.1.0/24 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:f000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:f000:1::2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv4 etr map-server 2001:db8:e000:2::1 key 0 some-xtr-key
ipv4 etr map-server 2001:db8:f000:2::1 key 0 some-xtr-key
ipv6 itr
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
ipv6 route ::/0 2001:db8:e000:1::1
!
!
hostname xTR-2
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
ip address 172.17.1.2 255.255.255.255
!
interface LISP0
!
ip address 10.2.1.2 255.255.255.252
ipv6 address 2001:db8:f000:1::2/64
!
ip address 172.16.1.3 255.255.255.0

41
Configure a Private LISP Mapping System Using a Standalone Map Resolver/Map Server
!
router lisp
database-mapping 172.16.1.0/24 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 172.16.1.0/24 2001:db8:f000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:e000:1::2 priority 1 weight 50
database-mapping 2001:db8:a::/48 2001:db8:f000:1::2 priority 1 weight 50
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.2.1.1
!
ipv6 route ::/0 2001:db8:f000:1::1
!
Configure a Private LISP Mapping System Using a Standalone Map

Resolver/Map Server
Perform this task to configure and enable standalone LISP map resolver/map server (MR/MS) functionality
for both IPv4 and IPv6 address families. In this task, a Cisco device is configured as a standalone MR/MS
for a private LISP mapping system. Because the MR/MS is configured as a standalone device, it has no need
for LISP alternative logical topology (ALT) connectivity. All relevant LISP sites must be configured to register
with this map server so that this map server has full knowledge of all registered EID prefixes within the
(assumed) private LISP system. However, because this device is functioning as a map resolver/map server,
the data structure associated with an ALT virtual routing and forwarding (VRF) table must still be configured
to hold LISP EIDs for registered sites.

42
The map resolver/map server is configured with both IPv4 and IPv6 RLOC addresses. The topology used in
this most basic LISP MR/MS configuration is shown in the figure below.
Figure 10: Standalone LISP Map Resolver/Map Server with both IPv4 and IPv6 RLOCs
The components illustrated in the topology shown in the figure are described below, although the map resolver
is configured separately:
Mapping System
• The LISP device is configured to function as a standalone map resolver/map server (MR/MS).
• The xTRs in the LISP site are assumed to be registered to this map server. That is, the xTR registers the
IPv4 EID prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR also registers the IPv6 EID
of prefix 2001:db8:a::/48.
• The MR/MS has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.

43
SUMMARY STEPS
2. vrf definition vrf-name
3. address-family ipv4 [unicast]
4. exit-address-family
5. address-family ipv6
7. exit
8. router lisp
9. ipv4 alt-vrf vrf-name
10. ipv4 map-server
11. ipv4 map-resolver
13. ipv6 map-server
15. site site-name
16. eid-prefix EID-prefix
17. authentication-key [key-type] authentication-key
18. exit
19. Repeat Steps 15 through 18 to configure additional LISP sites.
20. exit
22. ipv6 route ipv6-prefix next-hop
23. exit
DETAILED STEPS

Example:
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters VRF
configuration mode.
Example: • Use the vrf-name argument to specify a name to be assigned to
Router(config)# vrf definition lisp the VRF table. In this example, a VRF table named lisp is
created to hold EID prefixes.

44

Step 3 address-family ipv4 [unicast] Enters VRF IPv4 address family configuration mode to specify an
IPv4 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv4 EID
Router(config-vrf)# address-family ipv4 prefixes.
Step 4 exit-address-family Exits VRF IPv4 address family configuration mode and returns to
VRF configuration mode.
Example:
Router(config-vrf-af)#
exit-address-family
Step 5 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify an
Example:
exit-address-family
Step 7 exit Exits VRF configuration mode and enters global configuration mode.
Example:
Router(config-vrf)# exit
Example:
Step 9 ipv4 alt-vrf vrf-name Associates a VRF table with the LISP ALT for IPv4 EIDs.
• In this example, the VRF table named lisp (created in Step 2)
Example: is associated with the LISP ALT.
Router(config-router-lisp)# ipv4 alt-vrf
lisp
Step 10 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address
family.
Example:
map-server

45

Step 11 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4 address
family.
Example:
map-resolver
lisp
family.
Example:
map-server
family.
Example:
map-resolver
Step 15 site site-name Specifies a LISP site named Site-1 and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on
Router(config-router-lisp)# site Site-1 which it is configured. It has no relevance anywhere else.
This name is used solely as an administrative means of
associating one or more EID prefixes with an authentication
key and other site-related mechanisms.
Step 16 eid-prefix EID-prefix Configures an IPv4 or IPv6 EID prefix associated with this LISP site.
• Repeat this step as necessary to configure additional EID
Example: prefixes under this LISP sites.
Router(config-router-lisp-site)#
eid-prefix 172.16.1.0/24 • In this step example, only an IPv4 EID prefix is configured but
to complete the configuration, an IPv6 EID prefix must also be
configured.
Note The LISP ETR must be configured with matching EID

prefixes and an identical authentication key.
Note Additional eid-prefix command configuration options are
available. (See the LISP Command Reference for more
details.)
Step 17 authentication-key [key-type] Configures the authentication key associated with this site.
authentication-key

46

Example: prefixes and an identical authentication key.
Note The authentication-key can be configured with Type 6
Router(config-router-lisp-site)# encryption. (See the LISP Command Reference for more
authentication-key 0 some-key
details.)
Step 18 exit Exits LISP site configuration mode and returns to LISP configuration
mode.
Example:
Router(config-router-lisp-site)# exit
Step 19 Repeat Steps 15 through 18 to configure —

additional LISP sites.
mode.
Example:
Step 21 ip route ipv4-prefix next-hop Configures an IPv4 static route.

• In this example, a default route to the upstream next hop for all
Example: IPv4 destinations is created.
Router(config)# ip route 0.0.0.0 0.0.0.0
10.1.1.1
Step 22 ipv6 route ipv6-prefix next-hop Configures an IPv6 static route.

• In this example, a default route to the upstream next hop for all
Example: IPv6 destinations is created.
Router(config)# ipv6 route ::/0
2001:db8:e000:1::1
Step 23 exit Exits global configuration mode and returns to privileged EXEC
mode.
Example:

47
Example:
Figure 11: Standalone LISP Map Resolver/Map Server with both IPv4 and IPv6 RLOCs
The example below shows the complete configuration for the LISP topology illustrated in the figure above
and in this task. However, this example is for a full configuration of a standalone LISP MR/MS and includes
some basic IPv4 and IPv6 configuration not covered in this task:
!
hostname MR-MS
!
vrf definition lisp
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
ip address 172.17.2.1 255.255.255.255
!
interface LISP0
!
ip address 10.10.10.10 255.255.255.0
ipv6 address 2001:db8:e000:2::1/64
!
router lisp
site Site-1
authentication-key some-key
eid-prefix 172.16.1.0/24
eid-prefix 2001:db8:a::/48
exit
!
site Site-2
authentication-key another-key
eid-prefix 172.16.2.0/24
eid-prefix 2001:db8:b::/48
exit

48
Configure a Public Mapping System Using Separate ALT-Connected Map Resolver and Map Server Devices
!
!---more LISP site configs---
!
ipv4 map-server
ipv4 map-resolver
ipv4 alt-vrf lisp
ipv6 map-server
ipv6 map-resolver
ipv6 alt-vrf lisp
exit
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::fof
Configure a Public Mapping System Using Separate ALT-Connected Map

Resolver and Map Server Devices
The following tasks show how to configure a map resolver (MR) and a map server (MS) on separate devices,
each using LISP alternative logical topology (ALT) connectivity. The MR and MS share their EID prefix
information via the LISP ALT connectivity, which is typical of a public LISP deployment model where higher
performance and scalability (for tasks such as the handling of Map-Request messages) is required. The LISP
ALT is implemented as an overlay virtualized network using GRE tunnels and BGP, which allows for separation
of EID prefixes from the underlying core network.
Configuring an ALT-Connected LISP Map Resolver

Before You Begin
Perform this task to configure LISP alternative logical topology (ALT) map resolver functionality for both
IPv4 and IPv6 address family mapping services.
Note You must also configure an ALT-connected LISP map server (see the Configuring an ALT-Connected
LISP Map Server task).

49
In the figure below, the map resolver (MR) and map server (MS) are configured on separate devices and share
their EID prefix information via connectivity.
Figure 12: ALT-Connected LISP Map Resolver and Map Server, each having both an IPv4 and an IPv6 RLOC
The map resolver illustrated in the topology shown in the figure is described below; the map server and LISP
ALT are configured in separate tasks:
Mapping System
• Two LISP devices are configured, one as an MS and the other as an MR.
• The MS has an IPv4 locator of 10.10.10.13/24 and an IPv6 locator of 2001:db8:e000:2::3/64.
• The MR has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.
• Assume that the xTRs in the LISP site register to this map server. That is, the xTR registers the IPv4
EID-prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR registers the IPv6 EID-prefix of
2001:db8:a::/48.
Note The configuration of the xTR must be changed to use the MS RLOC for its map server
configuration and the MR RLOC for its map resolver configuration. For example:
• ipv4 itr map-resolver 10.10.10.10
• ipv4 etr map-server 10.10.10.13 key 0 some-key
Other Infrastructure
• The MR has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.1.1/30 and
2001:db8:ffff::1/64, respectively, and the MS has IPv4 and IPv6 tunnel endpoints of 192.168.1.2/30 and
2001:db8:ffff::2/64, respectively, in the same VRF table. This tunnel is used for the ALT.

50
SUMMARY STEPS
3. rd route-distinguisher
8. exit
9. interface type number
10. vrf forwarding vrf-name
11. ip address ip-address mask
12. ipv6 address ipv6-address/mask
13. tunnel source interface-type interface-number
14. tunnel destination ipv4-address
15. exit
16. router lisp
21. exit
22. router bgp autonomous-system-number
23. address-family ipv4 [unicast | multicast | vrf vrf-name]
24. neighbor ip-address remote-as autonomous-system-number
25. neighbor ip-address activate
26. exit
27. address-family ipv6 vrf vrf-name
30. exit
31. exit
34. exit

51
DETAILED STEPS

Example:
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters
Example: • Use the vrf-name argument to specify a name to be assigned
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created
to hold EID prefixes.
Step 3 rd route-distinguisher Creates routing and forwarding tables for a VRF.
Example:
Router(config-vrf)# rd 1:1
Step 4 address-family ipv4 [unicast] Enters VRF IPv4 address family configuration mode to specify
an IPv4 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv4
Router(config-vrf)# address-family ipv4 EID prefixes.
Step 5 exit-address-family Exits VRF IPv4 address family configuration mode and returns
to VRF configuration mode.
Example:
Router(config-vrf-af)# exit-address-family
Step 6 address-family ipv6 Enters VRF IPv6 address family configuration mode to specify
an IPv6 address family for a VRF table.
Example: • In this example, the VRF table named lisp handles IPv6
Router(config-vrf)# address-family ipv6 EID prefixes.
Step 7 exit-address-family Exits VRF IPv6 address family configuration mode and returns
to VRF configuration mode.
Example:
Step 8 exit Exits VRF configuration mode and enters global configuration
mode.
Example:

52

Step 9 interface type number Specifies the interface type of tunnel and the interface number
and enters interface configuration mode.
Example:
Router(config)# interface tunnel 192
Step 10 vrf forwarding vrf-name Associates a VRF instance configured in Step 2 with the tunnel
interface configured in Step 9.
Example: • When the interface is bound to a VRF, previously
Router(config-if)# vrf forwarding lisp configured IP addresses are removed, and the interface is
disabled.
Step 11 ip address ip-address mask Configures an IPv4 address for the tunnel interface.
Example:
Router(config-if)# ip address 192.168.1.1
255.255.255.252
Step 12 ipv6 address ipv6-address/mask Configures an IPv6 address for the tunnel interface.
Example:
Router(config-if)# ipv6 address
2001:db8:ffff::1/64
Step 13 tunnel source interface-type interface-number Configures the tunnel source.
Example:
Router(config-if)# tunnel source
GigabitEthernet 0/0/0
Step 14 tunnel destination ipv4-address Configures the tunnel destination IPv4 address for the tunnel
interface.
Example:
Router(config-if)# tunnel destination
10.10.10.13
Step 15 exit Exits interface configuration mode and enters global configuration
mode.
Example:
Router(config-if)# exit
Example:

53

Step 17 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4
address family.
Example:
map-resolver
• In this example, the VRF table named lisp (created in Step
Example: 2) is associated with the LISP ALT.
lisp
Step 19 ipv6 map-resolver Enables LISP map resolver functionality for EIDs in the IPv6
address family.
Example:
map-resolver
lisp
mode.
Example:
Step 22 router bgp autonomous-system-number Enters router configuration mode for the specified routing
process.
Example:
Router(config)# router bgp 65010
Step 23 address-family ipv4 [unicast | multicast | vrf Specifies the IPv4 address family and enters IPv4 address family
vrf-name] configuration mode.
• The vrf keyword and vrf-name argument specify the name
Example: of the VRF instance to associate with subsequent
Router(config-router)# address-family ipv4 commands.
vrf lisp
2) is associated with the BGP IPv4 VRF that carries
EID-prefixes in the LISP ALT.

54

Step 24 neighbor ip-address remote-as Adds the IP address of the neighbor in the specified autonomous
autonomous-system-number system to the IPv4 multiprotocol BGP neighbor table of the local
router.
Example:
Router(config-router-af)# neighbor
192.168.1.2 remote-as 65011
Step 25 neighbor ip-address activate Enables the neighbor to exchange prefixes for the IPv4 unicast
address family.
Example:
192.168.1.2 activate
Step 26 exit Exits IPv4 address family configuration mode and returns to
router configuration mode.
Example:
Router(config-router-af)# exit
Step 27 address-family ipv6 vrf vrf-name Specifies the IPv6 address family and enters IPv6 address family
configuration mode.
Example: • The vrf keyword and vrf-name argument specify the name
Router(config-router)# address-family ipv6 of the VRF instance to associate with subsequent
vrf lisp commands.
2) is associated with the BGP IPv6 VRF that carries
EID-prefixes in the LISP ALT.
Step 28 neighbor ip-address remote-as Adds the IPv6 address of the neighbor in the specified
autonomous-system-number autonomous system to the IPv6 multiprotocol BGP neighbor
table of the local router.
Example:
2001:db8:ffff::2 remote-as 65011
address family.
Example:
2001:db8:ffff::2 activate
Step 30 exit Exits address family configuration mode and returns to router
configuration mode.
Example:

55

Step 31 exit Exits router configuration mode and returns to global
configuration mode.
Example:
Router(config-router)# exit

• In this example, a default route to the upstream next hop
Example: for all IPv4 destinations is created.
10.10.10.1

• In this example, a default route to the upstream next hop
Example: for all IPv6 destinations is created.
2001:db8:e000:2::f0f
mode.
Example:
Examples

56
The example below shows the full configuration for a LISP map resolver including some basic IP and IPv6
configuration not included in the task table for this task:
!
vrf definition lisp
rd 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel192
vrf forwarding lisp
ip address 192.168.1.1 255.255.255.252
ipv6 address 2001:db8:ffff::1/64
tunnel source GigabitEthernet 0/0/0
tunnel destination 10.10.10.13
!
interface GigabitEthernet 0/0/0
ip address 10.10.10.10 255.255.255.0
ipv6 address 2001:db8:e000:2::1/64
!
router lisp
ipv4 map-resolver
ipv4 alt-vrf lisp
ipv6 map-resolver
ipv6 alt-vrf lisp
exit
!
router bgp 65010
bgp asnotation dot
bgp log-neighbor-changes
!
address-family ipv4 vrf lisp
neighbor 192.168.1.2 remote-as 65011
neighbor 192.168.1.2 activate
exit-address-family
!
neighbor 2001:db8:ffff::2 remote-as 65011
neighbor 2001:db8:ffff::2 activate
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::f0f
!
Configuring an ALT-Connected LISP Map Server

Perform this task to configure LISP alternative logical topology (ALT) map server functionality for both IPv4
and IPv6 address family mapping services.

57
Note You must also configure an ALT-connected LISP map resolver (see the Configuring an ALT-Connected
LISP Map Resolver task).
In the figure below, the map resolver (MR) and map server (MS) are configured on separate devices and share
their EID prefix information via connectivity.
The map server illustrated in the topology shown in the figure is described below; the map resolver and LISP
ALT are configured in separate tasks:
Mapping System
• Two LISP devices are configured, one as an MS and the other as an MR.
• The MS has an IPv4 locator of 10.10.10.13/24 and an IPv6 locator of 2001:db8:e000:2::3/64.
• The MR has an IPv4 locator of 10.10.10.10/24 and an IPv6 locator of 2001:db8:e000:2::1/64.
• Assume that the xTRs in the LISP site register to this map server. That is, the xTR registers the IPv4
EID-prefix of 172.16.1.0/24 and, when IPv6 EIDs are used, the xTR registers the IPv6 EID-prefix of
2001:db8:a::/48.
Note The configuration of the xTR must be changed to use the MS RLOC for its map server
configuration and the MR RLOC for its map resolver configuration. For example:
• ipv4 itr map-resolver 10.10.10.10
• ipv4 etr map-server 10.10.10.13 key 0 some-key

58
• The MR has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.1.1/30 and
2001:db8:ffff::1/64, respectively, and the MS has IPv4 and IPv6 tunnel endpoints of 192.168.1.2/30 and
2001:db8:ffff::2/64, respectively, in the same VRF table. This tunnel is used for the ALT.

59
SUMMARY STEPS
8. exit
15. exit
16. router lisp
17. ipv4 map-server
19. ipv6 map-server
21. site site-name
22. eid-prefix EID-prefix
23. authentication-key key-type authentication-key
24. exit
25. Repeat Steps 21 through 24 to configure additional LISP sites.
26. exit
29. redistribute lisp
32. exit
33. address-family ipv6 vrf vrf-name
34. redistribute lisp
37. exit
38. exit

60

41. exit
DETAILED STEPS

Example:
Step 2 vrf definition vrf-name Creates a virtual routing and forwarding (VRF) table and enters
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created to
hold EID prefixes.
Example:
Example:
Example:

61

Step 8 exit Exits VRF configuration mode and enters global configuration
mode.
Example:
Step 9 interface type number Specifies the interface type of tunnel and the interface number and
enters interface configuration mode.
Example:
Example: • When the interface is bound to a VRF, previously configured
Router(config-if)# vrf forwarding lisp IP addresses are removed, and the interface is disabled.
Example:
255.255.255.252
Example:
2001:DB8:ffff::6/64
Example:
interface.
Example:
10.10.10.13
mode.
Example:

62

Example:
family.
Example:
map-server
lisp
family.
Example:
map-server
lisp
Step 21 site site-name Specifies a LISP site and enters LISP site configuration mode.
Note A LISP site name is locally significant to the map server
Example: on which it is configured. It has no relevance anywhere
Router(config-router-lisp)# site Site-1 else. This name is used solely as an administrative means
of associating one or more EID prefixes with an
authentication key and other site-related mechanisms.
Step 22 eid-prefix EID-prefix Configures an IPv4 or IPv6 EID prefix associated with this LISP
site.
Example: • Repeat this step as necessary to configure additional EID
Router(config-router-lisp-site)# prefixes under this LISP sites.
eid-prefix 172.16.1.0/24
• In this step example, only an IPv4 EID prefix is configured
but to complete the configuration, an IPv6 EID prefix must
also be configured.

prefixes and an identical authentication key.

63

Note Additional eid-prefix command configuration options are
available. (See the LISP Command Reference for more
details.)
Step 23 authentication-key key-type authentication-key Configures the authentication key associated with this site.
Example: prefixes and an identical authentication key.
Router(config-router-lisp-site)# Note The authentication-key can be configured with Type 6
authentication-key 0 some-key encryption. (See the LISP Command Reference for more
details.)
Step 24 exit Exits LISP site configuration mode and returns to LISP
configuration mode.
Example:
Step 25 Repeat Steps 21 through 24 to configure —

additional LISP sites.
mode.
Example:
Step 27 router bgp autonomous-system-number Enters router configuration mode for the specified routing process.
Example:
• The vrf keyword and vrf-name argument specify the name
Example: of the VRF instance to associate with subsequent commands.
Router(config-router)# address-family ipv4
vrf lisp • In this example, the VRF table named lisp (created in Step
2) is associated with the BGP IPv4 VRF that carries EID
prefixes in the LISP ALT.
Step 29 redistribute lisp Redistributes EID prefixes known to LISP into BGP.
Example:
Router(config-router-af)# redistribute
lisp

64

router.
Example:
192.168.1.1 remote-as 65010
address family.
Example:
configuration mode.
Example:
Step 33 address-family ipv6 vrf vrf-name Specifies the IPv6 address family and enters IPv6 address family
configuration mode.
Example: • The vrf keyword and vrf-name argument specify the name
Router(config-router)# address-family ipv6 of the VRF instance to associate with subsequent commands.
vrf lisp
2) is associated with the BGP IPv6 VRF that carries EID
prefixes in the LISP ALT.
Step 34 redistribute lisp Redistributes EID prefixes known to LISP into BGP.
Example:
Router(config-router-af)# redistribute
lisp
Step 35 neighbor ip-address remote-as Adds the IPv6 address of the neighbor in the specified autonomous
router.
Example:
address family.
Example:

65

configuration mode.
Example:
Step 38 exit Exits router configuration mode and returns to global configuration
mode.
Example:

• In this example, a default route to the upstream next hop for
Example: all IPv4 destinations is created.
10.10.10.1

2001:db8:e000:2::f0f
mode.
Example:

66
Example:
The example below shows the full configuration for a LISP map server including some basic IP and IPv6
!
hostname MS
!
vrf definition lisp
rd 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel192
vrf forwarding lisp
ip address 192.168.1.2 255.255.255.252
!
ip address 10.10.10.13 255.255.255.0
ipv6 address 2001:db8:e000:2::3/64
!
router lisp
site Site-1
authentication-key 0 some-xtr-key
eid-prefix 172.16.1.0/24
eid-prefix 2001:db8:a::/48
exit

67
Configure a PETR and a PITR
!
site Site-2
authentication-key 0 another-xtr-key
eid-prefix 172.16.2.0/24
eid-prefix 2001:db8:b::/48
exit
!
!---configure more LISP sites as required---
!
ipv4 map-server
ipv4 alt-vrf lisp
ipv6 map-server
ipv6 alt-vrf lisp
exit
!
router bgp 65011
bgp asnotation dot
!
redistribute lisp
exit-address-family
!
redistribute lisp
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
ipv6 route ::/0 2001:db8:e000:2::f0f

The following tasks show how to design and deploy a Proxy Egress Tunnel Router (PETR) and a Proxy Ingress
Tunnel Router (PITR). The example scenario shows deployment of a PETR and PITR as separate devices but
it is also possible to deploy a single device that acts simultaneously as a PETR and a PITR, which is called a
PxTR.
Deploying a Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
Perform this task to deploy a Proxy Egress Tunnel Router (PETR) for both IPv4 and IPv6 address families.
You can also perform this task to configure PETR functionality on a single device that acts simultaneously
as a PETR and as a Proxy Ingress Tunnel Router (PITR), referred to as a PxTR.
A PETR simply takes in LISP encapsulated packets and decapsulates them and forwards them. For example,
a PETR can be used to provide IPv6 LISP EIDs access to non-LISP EIDs when the LISP site only has IPv4
RLOC connectivity. A PETR, therefore, is used for LISP-to-non-LISP access in situations where cross-address
family connectivity is an issue. (A PETR can still be used for matching EID and RLOC address families if
desired.) Note that a PITR is required to provide return-traffic flow. A PETR is simple to deploy because it
need only provide dual-stack connectivity to the core.

68
The topology used in this PETR example is shown in the figure. The PETR and PITR in this example are
deployed as separate devices and each have both an IPv4 and an IPv6 locator.
Figure 16: Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
PETR
• When deployed as a standalone LISP device, the PETR has dual-stack connectivity to the core network.
• The PETR IPv4 locator is 10.10.10.14/24 and the IPv6 locator is 2001:db8:e000:2::4/64.
SUMMARY STEPS
1. enable
3. router lisp
4. ipv4 proxy-etr
5. ipv6 proxy-etr
6. exit
9. exit
DETAILED STEPS

Step 1 enable Enables privileged EXEC mode.

69

• Enter your password if prompted.
Example:
Router> enable
Example:
Example:
Step 4 ipv4 proxy-etr Enables PETR functionality for IPv4 EIDs.
Example:
Router(config-router-lisp)# ipv4 proxy-etr
Step 5 ipv6 proxy-etr Enables PETR functionality for IPv6 EIDs.
Example:
Router(config-router-lisp)# ipv6 proxy-etr
Step 6 exit Exits LISP configuration mode and enters global

configuration mode.
Example:

• In this example, a default route to the upstream next
Example: hop for all IPv4 destinations is created.
10.10.10.1

• In this example, a default route to the upstream next
Example: hop for all IPv6 destinations is created.
2001:db8:e000:2::f0f

70

Step 9 exit Exits global configuration mode and returns to privileged
EXEC mode.
Example:
Example:
Figure 17: Proxy Egress Tunnel Router with both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a PETR including some basic IP and IPv6 configuration
not included in the task table for this task:
!
hostname PETR
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
no ip address
!
description Link to Core (RLOC)
ip address 10.10.10.14 255.255.255.0
ipv6 address 2001:db8:e000:2::4/64
!
router lisp
ipv4 proxy-etr
ipv6 proxy-etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1

71
!
ipv6 route ::/0 2001:db8:e000:2::f0f
Deploying a Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC
Perform this task to deploy a Proxy Ingress Tunnel Router (PITR) for both IPv4 and IPv6 address families.
You can also perform this task to configure PITR functionality on a single device that acts simultaneously as
a PITR and as a Proxy Egress Tunnel Router (PETR), referred to as a PxTR.
A PITR attracts non-LISP packets by advertising a coarse-aggregate prefix for LISP EIDs into the core (such
as the Internet or a Multiprotocol Label Switching (MPLS) core) and then performs LISP encapsulation
services (like an ITR) to provide access to LISP EIDs. Thus, a PITR provides non-LISP-to-LISP interworking.
A PITR is also used to provide address family “hop-over ? for non-LISP-to-LISP traffic. For example, a
dual-stacked PxTR can be used to provide a return-traffic path from non-LISP IPv6 sites to IPv6 LISP sites
that contain only IPv4 RLOCs.
To resolve EID-to-RLOC mappings for creating non-LISP-to-LISP flows, configure PITR to query the LISP
mapping system. In this task, the PITR is configured to send Map-Rrequest messages via the LISP alternate
logical topology (ALT) to resolve EID-to-RLOC mappings.
Note To attract non-LISP traffic destined to LISP sites, the PITR must advertise coarse-aggregate EID prefixes
into the underlying network infrastructure. In an Internet-as-the-core example, attracting non-LISP traffice
destined to LISP sites is typically managed via external BGP (eBGP) and by advertising the coarse-aggregate
that includes all appropriate EID prefixes into the Internet. The example configuration in the figure utilizes
this approach. Because this is a standard BGP configuration, summary and detailed command guidance
is not provided in the task table for this task, although the complete configuration example that follows
the task table does include an accurate example of this eBGP peering. Any other approach that advertises
coarse-aggregates that include all appropriate EID prefixes into the core are also acceptable.
The topology used in this example is shown in the figure. The PITR is deployed as a separate device, with
both an IPv4 and an IPv6 locator. A map resolver and core-peering router are also shown in the figure for
reference because they are required components for completing the PITR configuration shown in the figure.
Figure 18: Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC

72
PITR
• When deployed as a standalone LISP device, the PITR has dual-stack connectivity to the core network.
• The PITR IPv4 locator is 10.10.10.11/24 and the IPv6 locator is 2001:db8:e000:2::2/64.
• The use of LISP EID prefixes throughout this task (172.16.1.0/24 and 2001:db8:a::/48 configuration)
is assumed and are part of LISP EID blocks that can be summarized in coarse-aggregates and advertised
by the PITR into the core network. The advertisement of the IPv4 coarse-aggregate of 172.16.0.0/16
and the IPv6 coarse-aggregate of 2001:db8::/33 by the PITR into the IPv4 and IPv6 core networks is
also assumed.
• The PITR eBGP peers with the core router with locators 10.10.11.1 and 2001:db8:e000:3::1 in order to
advertise the coarse-aggregate IPv4 EID prefix of 172.16.0.0/16 and the IPv6 EID prefix of 2001:db8::/33
into the IPv4 and IPv6 cores, respectively.
• The PITR is configured to use the LISP ALT (GRE+BGP) via the map server with locators 10.10.10.13
and 2001:db8:e000:2::3. The relevant configuration is shown for the PITR.
• The MS has IPv4 and IPv6 tunnel endpoints in the VRF table (named lisp) of 192.168.5/30 and
2001:db8:ffff::5/64, respectively. The configuration of the map server is not in the task table.
• The core router has an IPv4 address of 10.10.11.1 and an IPv6 address of 2001:db8:e000:3::1. These
addresses will be used for eBGP peering. The core router configuration is assumed to be familiar as a
typical ISP peering router and is therefore not included in the task table.

73
SUMMARY STEPS
8. exit
15. exit
16. router lisp
18. ipv4 proxy-itr ipv4-locator [ipv6-locator]
19. ipv4 map-cache-limit map-cache-limit
21. ipv6 proxy-itr ipv6-locator [ipv4-locator]
22. ipv6 map-cache-limit map-cache-limit
23. exit
28. exit
32. exit
33. exit
38. exit

74
DETAILED STEPS

Example:
Step 2 vrf definition vrf-name Configures a virtual routing and forwarding (VRF) table and enters
Router(config)# vrf definition lisp to the VRF. In this example, a VRF named lisp is created to
hold EID prefixes.
Example:
Example: • In this example, the VRF named lisp handles IPv4 EID
Step 5 exit-address-family Exits VRF address family configuration mode and returns to VRF
configuration mode.
Example:
exit-address-family
Step 7 exit-address-family Exits VRF address family configuration mode and returns to VRF
configuration mode.
Example:
exit-address-family
Step 8 exit Exits VRF configuration mode and enters global configuration mode.
Example:

75

Step 9 interface type number Specifies the interface type of tunnel and the interface number and
enters interface configuration mode.
Example:
Example: • When the interface is bound to a VRF, previously configured
Router(config-if)# vrf forwarding lisp IP addresses are removed, and the interface is disabled.
Example:
255.255.255.252
Example:
2001:DB8:ffff::6/64
Example:
interface.
Example:
10.10.10.13
mode.
Example:
Example:

76


lisp
Step 18 ipv4 proxy-itr ipv4-locator [ipv6-locator] Enables Proxy Ingress Tunnel Router (PITR) functionality for IPv4
EIDs, and specifies the IPv4 and (optionally) the IPv6 RLOCs (local
Example: to the PITR) to use when LISP-encapsulating packets to LISP sites.
proxy-itr 10.10.10.11 2001:db8:e000:2::2
Step 19 ipv4 map-cache-limit map-cache-limit Specifies the maximum number of IPv4 map-cache entries to be
maintained by the PITR.
Example: • When the map-cache reaches this limit, existing entries are
Router(config-router-lisp)# ipv4 removed according to the rules described in the command
map-cache-limit 100000 reference guide. (See the LISP Command Reference for more
details.)
• The default map-cache-limit is 10000. In this example, since
the device is being configured as a PITR, a larger map-cache
limit is configured.
lisp
Step 21 ipv6 proxy-itr ipv6-locator [ipv4-locator] Enables Proxy Ingress Tunnel Router (PITR) functionality for IPv6
EIDs, and specifies the IPv6 and (optionally) the IPv4 RLOCs (local
Example: to the PITR) to use when LISP-encapsulating packets to LISP sites.
proxy-itr 2001:db8:e000:2::2 10.10.10.11
Step 22 ipv6 map-cache-limit map-cache-limit Specifies the maximum number of IPv6 map-cache entries to be
maintained by the PITR.
Example: • When the map-cache reaches this limit, existing entries are
Router(config-router-lisp)# ipv6 removed according to the rules described in the command
map-cache-limit 100000 reference guide. (See the LISP Command Reference for more
details.)
The default map-cache-limit is 10000. In this example, since the

device is being configured as a PITR, a larger map-cache limit is
configured.

77

mode.
Example:
Step 24 router bgp autonomous-system-number Enters router configuration mode for the specified routing process.
Example:
• The vrf keyword and vrf-name argument specify the name of
Example: the VRF instance to associate with subsequent commands.
Router(config-router)# address-family
ipv4 vrf lisp • In this example, the VRF table named lisp (created in Step 2)
is associated with the BGP IPv4 VRF that carries EID prefixes
in the LISP ALT.
router.
Example:
192.168.1.5 remote-as 65011
address family.
Example:
Step 28 exit Exits address family configuration mode.
Example:
• The vrf keyword and vrf-name argument specify the name of
Example: the VRF instance to associate with subsequent commands.
Router(config-router-af)# address-family
ipv6 vrf lisp • In this example, the VRF table named lisp (created in Step 2)
is associated with the BGP IPv6 VRF that carries EID prefixes
in the LISP ALT.

78

Step 30 neighbor ip-address remote-as Adds the IPv6 address of the neighbor in the specified autonomous
router.
Example:
address family.
Example:
Step 32 exit Exits address family configuration mode.
Example:
Step 33 exit Exits router configuration mode.
Example:

10.10.10.1

• In this example, a static route is configured to Null0 for the
Example: coarse-aggregate IPv4 EID prefix 172.16.0.0/16. This static
Router(config)# ip route 172.16.0.0 route is required to ensure proper operation of LISP in querying
255.255.0.0 Null0 tag 123 the mapping system for LISP EIDs. The tag 123 is added to
this null route as a reference point for the route map used to
permit the advertisement of this coarse aggregate to the
upstream ISP BGP peer.

2001:db8:e000:2::f0f

79

• In this example, a static route is configured to Null0 for the
Example: coarse-aggregate IPv6 EID prefix 2001:db8::/33. This is
required to ensure proper operation of LISP in querying the
Router(config)# ipv6 route 2001:db8::/33 mapping system for LISP EIDs. The tag 123 is added to this
Null0 tag 123
null route as a handy reference point for the route-map used
to permit the advertisement of this coarse-aggregate to the
upstream ISP BGP peer.
Example:
Example:
Figure 19: Proxy Ingress Tunnel Router with both an IPv4 and an IPv6 RLOC
The example below shows the full configuration for a PITR includes some basic IP, BGP, and route map
!
hostname PITR
!
no ip domain lookup
ip cef
ipv6 cef
!
interface Loopback0
no ip address
!
interface Tunnel191
vrf forwarding lisp

80
ip address 192.168.1.6 255.255.255.252

!
description Link to Core (RLOC)
ip address 10.10.10.11 255.255.255.0
ipv6 address 2001:db8:e000:2::2/64
!
router lisp
ipv4 alt-vrf lisp
ipv4 map-cache-limit 100000
ipv4 proxy-itr 10.10.10.11 2001:db8:e000:2::2
ipv6 alt-vrf lisp
ipv6 map-cache-limit 100000
ipv6 proxy-itr 2001:db8:e000:2::2 10.10.10.11
exit
!
router bgp 65015
bgp asnotation dot
neighbor 2001:db8:e000:3::1 remote-as 65111
!
address-family ipv4
no synchronization
redistribute static route-map populate-default
neighbor 10.10.11.1 send-community both
neighbor 10.10.11.1 route-map dfz-out out
exit-address-family
!
address-family ipv6
redistribute static route-map populate-default
neighbor 2001:db8:e000:3::1 activate
neighbor 2001:db8:e000:3::1 send-community both
neighbor 2001:db8:e000:3::1 route-map dfz-out out
exit-address-family
!
no synchronization
exit-address-family
!
no synchronization
exit-address-family
!
ip bgp-community new-format
ip community-list standard dfz-upstream permit 65100:123
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 172.16.0.0 255.255.0.0 Null0 tag 123
!
ipv6 route 2001:db8::/33 Null0 tag 123
ipv6 route ::/0 2001:db8:e000:2::f0f
!
route-map populate-default permit 10
match tag 123
set origin igp
set community 65100:123
!
route-map dfz-out permit 10
match community dfz-upstream
!

81
Verify and Troubleshoot Locator ID Separation Protocol

Once LISP is configured, you can verify and troubleshoot LISP configuration and operations by following
the optional steps in this task. Note that certain verification and troubleshooting steps are specific to certain
LISP devices and only apply if configured in your LISP site.
SUMMARY STEPS
1. enable
2. show running-config | section router lisp
3. show [ip | ipv6] lisp
4. show [ip | ipv6] lisp map-cache
5. show [ip | ipv6] lisp database
6. show lisp site [name site-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}}
8. ping {hostname | destination-EID}
9. clear [ip | ipv6] lisp map-cache
DETAILED STEPS
Step 1 enable
Enables privileged EXEC mode. Enter your password if prompted.
Example:
Router> enable
Step 2 show running-config | section router lisp

The show running-config | section router lisp command is useful for quickly verifying the LISP configuration on the
device. This command applies to any Cisco IOS LISP device.
The following is sample output from the show running-config | section router lisp command when a mulithomed LISP
site is configured with IPv4 and IPv6 EID prefixes:
Example:
Router# show running-config | section router lisp
router lisp
database-mapping 2001:DB8:A::/48 10.1.1.2 priority 1 weight 50
database-mapping 2001:DB8:A::/48 10.2.1.2 priority 1 weight 50
ipv4 itr
ipv4 etr map-server 10.10.10.10 key some-key
ipv4 etr

82

ipv6 itr
ipv6 etr
exit
Step 3 show [ip | ipv6] lisp

The show ip lisp and show ipv6 lisp commands are useful for quickly verifying the operational status of LISP as
configured on the device, as applicable to the IPv4 and IPv6 address families, respectively. This command applies to
any Cisco IOS LISP device.
Example:
The following example shows LISP operational status and IPv4 address family information:
Router# show ip lisp
Ingress Tunnel Router (ITR): enabled

Egress Tunnel Router (ETR): enabled
Proxy-ITR Router (PITR): disabled
Proxy-ETR Router (PETR): disabled
Map Server (MS): disabled
Map Resolver (MR): disabled
Map-Request source: 172.16.1.1
ITR Map-Resolver(s): 10.10.10.10, 10.10.30.10
ETR Map-Server(s): 10.10.10.10 (00:00:56), 10.10.30.10 (00:00:12)
ETR accept mapping data: disabled, verify disabled
ETR map-cache TTL: 1d00h
Locator Status Algorithms:
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-cache size/limit: 2/1000
Map-cache activity check period: 60 secs
Map-database size: 1
Example:
The following example shows LISP operational status and IPv6 address family information:
Router# show ip lisp

Map-Request source: 2001:DB8:A::1
ITR Map-Resolver(s): 10.10.10.10, 10.10.30.10
ETR Map-Server(s): 10.10.10.10 (00:00:23), 10.10.30.10 (00:00:40)
Locator Status Algorithms:
RLOC-probe algorithm: disabled
Static mappings configured: 0
Map-cache size/limit: 1/1000
Map-cache activity check period: 60 secs
Map-database size: 1
Step 4 show [ip | ipv6] lisp map-cache
The show ip lisp map-cache and show ipv6 lisp map-cache commands are useful for quickly verifying the operational
status of the map-cache on a device configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families,
respectively. Based on a configuration when a mulithomed LISP site is configured with IPv4 and IPv6 EID prefixes,

83
this example output assumes that a map-cache entry has been received for another site with the IPv4 EID prefix of
172.16.2.0/24 and the IPv6 EID prefix of 2001:db8:b::/48.
Example:
The following example shows IPv4 mapping cache information:
Router# show ip lisp map-cache
LISP IPv4 Mapping Cache, 2 entries
0.0.0.0/0, uptime: 02:48:19, expires: never, via static send map-request

Negative cache entry, action: send-map-request
172.16.2.0/24, uptime: 01:45:24, expires: 22:14:28, via map-reply, complete
Locator Uptime State Pri/Wgt
10.0.0.6 01:45:24 up 1/1
Example:
The following example shows IPv6 mapping cache information:
Router# show ipv6 lisp map-cache
::/0, uptime: 02:49:39, expires: never, via static send map-request

2001:DB8:B::/48, uptime: 00:00:07, expires: 23:59:46, via map-reply, complete
10.0.0.6 00:00:07 up 1/1
Step 5 show [ip | ipv6] lisp database

The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the the operational
status of the database mapping on a device configured as an ETR, as applicable to the IPv4 and IPv6 address families,
respectively. The following example output is based on a configuration when a mulithomed LISP site is configured with
IPv4 and IPv6 EID prefixes.
Example:
The following example shows IPv4 mapping database information:
Router# show ip lisp database
LISP ETR IPv4 Mapping Database, LSBs: 0x3, 1 entries
172.16.1.0/24
Locator Pri/Wgt Source State
10.1.1.2 1/50 cfg-addr site-self, reachable
10.2.1.2 1/50 cfg-addr site-other, report-reachable
Example:
The following example shows IPv6 mapping database information:
Router# show ipv6 lisp database
LISP ETR IPv6 Mapping Database, LSBs: 0x1, 1 entries
2001:DB8:A::/48

84

10.2.1.2 1/50 cfg-addr site-other, report-reachable
Step 6 show lisp site [name site-name]
The show lisp site command is useful for quickly verifying the operational status of LISP sites, as configured on a map
server. This command applies only to a device configured as a map server.
The following examples are based on configurations where a mulithomed LISP site is configured with both IPv4 and
IPv6 EID prefixes:
Example:
Router# show lisp site
LISP Site Registration Information
Site Name Last Up Who Last EID Prefix

Register Registered
Site-1 00:00:15 yes 10.1.1.2 172.16.1.0/24
00:00:11 yes 10.1.1.2 2001:DB8:A::/48
Site-2 00:00:27 yes 10.0.0.6 172.16.2.0/24
00:00:37 yes 10.0.0.6 2001:DB8:B::/48
Example:
Router# show lisp site name Site-1
Site name: Site-1

Allowed configured locators: any
Allowed EID-prefixes:
EID-prefix: 172.16.1.0/24
First registered: 00:04:51
Routing table tag: 0
Origin: Configuration
Merge active: No
Proxy reply: No
TTL: 1d00h
Registration errors:
Authentication failures: 0
Allowed locators mismatch: 0
ETR 10.1.1.2, last registered 00:00:01, no proxy-reply, map-notify
TTL 1d00h, no merge
Locator Local State Pri/Wgt
10.1.1.2 yes up 1/50
TTL 1d00h, merge
10.1.1.2 yes up 1/50
10.2.1.2 yes up 1/50
EID-prefix: 2001:DB8:A::/48
Merge active: No
Proxy reply: No
TTL: 1d00h
TTL 1d00h, no merge
10.1.1.2 yes up 1/50
TTL 1d00h, merge
10.1.1.2 yes up 1/50

85
10.2.1.2 yes up 1/50
Step 7 lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}}

The LISP Internet Groper (lig) command is useful for testing the LISP control plane. The lig command can be used to
query for the indicated destination hostname or EID, or the router's local EID prefix. This command provides a simple
means of testing whether a destination EID exists in the LISP mapping database system, or whether your site is registered
with the mapping database system. This command is applicable for both the IPv4 and IPv6 address families and applies
to any Cisco IOS LISP device that maintains a map-cache (i.e. configured as an ITR or PITR).
IPv6 EID prefixes:
Example:
Router# lig self ipv4
Mapping information for EID 172.16.1.0 from 10.1.1.2 with RTT 12 msecs
172.16.1.0/24, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig self ipv6
Mapping information for EID 2001:DB8:A:: from 10.0.0.2 with RTT 12 msecs
2001:DB8:A::/48, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig 172.16.2.1
Mapping information for EID 2001:DB8:A:: from 10.0.0.2 with RTT 12 msecs
2001:DB8:A::/48, uptime: 00:00:00, expires: 23:59:52, via map-reply, self
10.1.1.2 00:00:00 up, self 1/50
10.2.1.2 00:00:00 up 1/50
Example:
Router# lig 2001:db8:b::1
10.0.0.6 01:52:45 up 1/1
Step 8 ping {hostname | destination-EID}

The ping command is useful for testing basic network connectivity and reachability and liveness of a destination EID
or RLOC address. It is important to be aware that because LISP uses encapsulation, you should always specify a source
address when using ping. Never allow the ping application to assign its own default source address because there are
four possible ways to use ping and unless the source address is explicitly named, the wrong address may be used by the
application and return erroneous results that complicate operational verification or troubleshooting.

86
The four possible uses of ping are:

• RLOC-to-RLOC—Sends out “echo ? packets natively (no LISP encapsulation) and receives the “echo-reply ?
back natively. This use of ping can test the underlying network connectivity between locators of various devices,
such as between an xTR and a map server or map resolver.
• EID-to-EID—Sends out “echo ? packets with LISP encapsulation and receives the “echo-reply ? back as LISP
encapsulated. This use of ping can be used to test the LISP data plane (encapsulation) between LISP sites.
• EID-to-RLOC—Sends out “echo ? packets natively (no LISP encapsulation) and receives the "echo-reply" back
as LISP encapsulated through a PITR mechanism. This use of ping can be used to test the PITR infrastructure.
• RLOC-to-EID - Sends out “echo ? packets with LISP encapsulation and receives the “echo-reply ? back natively
(no LISP encapsulation. This use of ping can be used to test PETR capabilities.
The ping command is applicable to the IPv4 and IPv6 address families, respectively, and can be used on any LISP
device but is limited by the LISP device and site configuration. (For example, the ability to do LISP encapsulation
requires the device to be configured as either an ITR or PITR.)
IPv6 EID prefixes:
Example:
Router# ping 172.16.2.1 source 172.16.1.1
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
Example:
Router# ping 2001:db8:b::1 source 2001:db8:a::1

Sending 5, 100-byte ICMP Echos to 2001:DB8:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A::1
!!!!!
Step 9 clear [ip | ipv6] lisp map-cache

The clear ip lisp map-cache and clear ipv6 lisp map-cache commands remove all IPv4 or IPv6 dynamic LISP map-cache
entries stored by the router. This command applies to a LISP device that maintains a map-cache (like one configured as
an ITR or PITR) and can be useful if trying to quickly verify the operational status of the LISP control plane. Based on
a configuration when a mulithomed LISP site is configured with both IPv4 and IPv6 EID prefixes, the following example
output assumes that a map-cache entry has been received for another site with the IPv4 EID prefix of 172.16.2.0/24 or
an IPv6 EID prefix of 2001:db8:b::/48.
Example:
The following example shows IPv4 mapping cache information, how to clear the mapping cache, and the show information
after the cache is cleared.

87
Additional References

10.0.0.6 01:45:24 up 1/1
Router# clear ip lisp map-cache

Example:
The following example shows IPv6 mapping cache information, how to clear the mapping cache, and the show information
after the cache is cleared.
Router# show ipv6 lisp map-cache

10.0.0.6 00:00:07 up 1/1
Router# clear ip lisp map-cache

The following sections provide references related to the Locator ID Separation Protocol.
Related Documents
Document Title Location

Cisco IOS LISP Lab Test Configuration Application http://lisp4.cisco.com/lisp_tech.html
Note
Cisco IOS IP Routing: LISP Command Reference http://www.cisco.com/en/US/docs/ios-xml/ios/

iproute_lisp/command/ip-lisp-cr-book.html

88
Standards
Standard Title
IANA Address Family Numbers http://www.iana.org/assignments/
address-family-numbers/address-family-numbers.xml
MIBs
MIB MIBs Link

LISP MIB To locate and download MIBs for selected platforms,
Cisco IOS software releases, and feature sets, use
Cisco MIB Locator found at the following URL: http:/
/www.cisco.com/go/mibs
RFCs
RFC Title
draft-ietf-lisp-07 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/draft-ietf-lisp-07
draft-ietf-lisp-alt-04 LISP Alternative Topology (LISP+ALT) http://

tools.ietf.org/html/draft-ietf-lisp-alt-04
draft-ietf-lisp-interworking-01 Interworking LISP with IPv4 and IPv6 http://

tools.ietf.org/html/draft-ietf-lisp-interworking-01
draft-ietf-lisp-lig-00 LISP Internet Groper (LIG) http://tools.ietf.org/html/

draft-ietf-lisp-lig-00
draft-ietf-lisp-ms-05 LISP Map Server http://tools.ietf.org/html/

draft-ietf-lisp-ms-05

89
Feature Information for LISP
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Feature Information for LISP

Table 2: Feature Information for Locator/ID Separation Protocol
Feature Name Release Feature Configuration Information

Configure LISP Introduces LISP functionality to
support ITR, ETR, PITR, PETR,
MS, MR, and LISP ALT devices
for IPv4 and IPv6 address families.
LISP MIB This feature introduces LISP MIB

on Cisco software.

90
CHAPTER 4
LISP Multicast
The LISP Multicast feature introduces support for carrying multicast traffic over a Locator ID Separation
Protocol (LISP) overlay. This support currently allows for unicast transport of multicast traffic with head-end
replication at the root ingress tunnel router (ITR) site. This allows network operators to use LISP to carry
multicast traffic over core networks that do not have native multicast capabilities.

• Prerequisites for LISP Multicast, page 91
• Restrictions for LISP Multicast, page 92
• Information About LISP Multicast, page 92
• How to Configure LISP Multicast, page 93
• Verifying LISP Multicast, page 98
• Configuration Examples for LISP Multicast, page 100
• Additional References for LISP Multicast, page 106
• Feature Information for LISP Multicast, page 107

Prerequisites for LISP Multicast

• You must configure basic LISP services on the device. Basic LISP configurations are covered in
"Configuring Basic LISP" section of this configuration guide.

91
LISP Multicast
Restrictions for LISP Multicast
• You must configure IPv6 multicast and LISP services on the device. The configuration of IPv6 multicast
over LISP is covered in "How to Configure LISP Multicast" and "Example: Configuring IPv6 Multicast
over LISP" sections of this guide.
Restrictions for LISP Multicast

• LISP multicast does not support IPv6 endpoint identifiers (EIDs) or IPv6 routing locators (RLOCs).
Only IPv4 EIDs and IPv4 RLOCs are supported.
• LISP multicast does not support Dense Mode or Bidirectional Protocol Independent Multicast (PIM).
Only PIM-Sparse Mode (SM) and PIM Source Specific Multicast (SSM) modes are supported.
• LISP multicast does not support group to Rendezvous Point (RP) mapping distribution mechanisms,
Auto-RP and Bootstrap Router (BSR). Only static-RP configuration is supported.
• LISP multicast does not support LISP Virtual Machine Mobility (VM-Mobility) deployment. That is,
LISP multicast cannot be used as a data center interconnect (DCI) mechanism.
• IPv6 LISP multicast does not support IPv6 routing locators. Additionally, it does not support multicast
transport.
Note IPv6 LISP multicast is supported only from Cisco IOS Release 16.2 onwards, though releases earlier than
16.2 supports only IPv4 LISP multicast
Information About LISP Multicast

The implementation of LISP multicast includes the following features:
• Mapping of multicast source addresses as LISP endpoint identifiers (EIDs). (Destination group addresses
are not topology dependent).
• Building the multicast distribution tree across LISP overlays.
• Unicast head-end replication of multicast data packets from sources within a root ingress tunnel router
(ITR) site to receiver egress tunnel routers (ETRs).
• Support for ASM (Any Source Multicast) and SSM (Source Specific Multicast).
• Support for various combinations of LISP and non-LISP capable source and receiver sites.
• Support for IPv6 endpoint identifiers (EIDs).
Note If a LISP xTR is also a PIM First Hop Router (FH) or a Rendezvous Point (RP) and the device is only
receiving traffic, ensure that at least one interface on the device is covered by a local LISP database
mapping. No additional configuration is required to ensure that proper address is selected.

92
LISP Multicast
How to Configure LISP Multicast
How to Configure LISP Multicast
Configuring LISP Multicast

Perform this task to enable the LISP multicast functionality on the xTR.
Before You Begin

Ensure that generic multicast functionality has been enabled on the required devices of the LISP site and PIM
sparse mode has been enabled on the required interfaces of these devices.
SUMMARY STEPS
1. enable
3. ip multicast-routing [distributed]
4. Enter one of the following:
• ip pim rp-address rp-address
• ip pim ssm {default | range {access-list-number | access-list-name}}
5. interface lisp interface-number

6. ipv6 pim lisp transport [ipv4]
7. ip pim sparse-mode
8. exit
9. interface interface-type interface-number
10. description string
12. end
DETAILED STEPS

Example:
Device> enable
Example:
Device# configure terminal

93
LISP Multicast
Configuring LISP Multicast

Step 3 ip multicast-routing [distributed] Enables IP multicast routing.
Example:
Device(config)# ip multicast-routing
Step 4 Enter one of the following: • Statically configures the address of a Protocol
Independent Multicast (PIM) rendezvous point (RP)
• ip pim rp-address rp-address for multicast groups.
• ip pim ssm {default | range {access-list-number | • Defines the Source Specific Multicast (SSM) range
access-list-name}} of IP multicast addresses.
Example:
Device(config)# ip pim rp-address 10.1.0.2
Example:
Device(config)# ip pim ssm default
Step 5 interface lisp interface-number Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config)# interface LISP0
Step 6 ipv6 pim lisp transport [ipv4] Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config-if)# ipv6 pim lisp transport
unicast ipv4
Step 7 ip pim sparse-mode Enables Protocol Independent Multicast (PIM) on an

interface for sparse-mode operation.
Example:
Device(config-if)# ip pim sparse-mode
Step 8 exit Exits interface configuration mode and enters global

configuration mode.
Example:
Device(config-if)# exit
Step 9 interface interface-type interface-number Configures the LISP interface facing the site and enters
interface configuration mode.
Example:
Device(config)# interface GigabitEthernet0/0/0

94
LISP Multicast
Configuring LISP Multicast in VRFs

Step 10 description string Configures a description text for the interface.
Example:
Device(config-if)# description Link To Site

Example:
Step 12 end Ends the current configuration session and returns to

privileged EXEC mode.
Example:
Device(config-if)# end

Perform this task to enable the LISP multicast functionality on an xTR with Virtual Routing and Forwarding
(VRF) mode configured.
Before You Begin

Ensure that generic multicast functionality has been enabled on the required devices of the LISP site and that
PIM sparse mode has been enabled on the required interfaces of these devices.

95
LISP Multicast
SUMMARY STEPS
1. enable
5. exit
6. exit
7. ip multicast-routing vrf vrf-name [distributed]
8. Enter one of the following:
• ip pim vrf vrf-name rp-address ip-address
• ip pim vrf vrf-name ssm {default | range {access-list-number | access-list-name}}
9. interface lisp interface-number

11. exit
12. interface interface-type interface-number
14. description string
16. end
DETAILED STEPS

Example:
Device> enable
Example:
Step 3 vrf definition vrf-name Configures a virtual routing and forwarding (VRF) routing
table instance and enters VRF configuration mode.
Example:
Device(config)# vrf definition VRF1
Step 4 address-family ipv4 Configures an address family for the VRF and enters VRF
address family configuration mode.
Example:
Device(config-vrf)# address-family ipv4

96
LISP Multicast

Step 5 exit Exits VRF address family configuration mode and enters
Example:
Device(config-vrf-af)# exit
Step 6 exit Exits VRF configuration mode and enters global

configuration mode.
Example:
Device(config-vrf)# exit
Step 7 ip multicast-routing vrf vrf-name [distributed] Enables IP multicast routing.
Example:
Device(config)# ip multicast-routing vrf VRF1
distributed
Step 8 Enter one of the following: • Statically configures the address of a Protocol
Independent Multicast (PIM) rendezvous point (RP)
• ip pim vrf vrf-name rp-address ip-address for multicast groups.
• ip pim vrf vrf-name ssm {default | range • Defines the Source Specific Multicast (SSM) range
{access-list-number | access-list-name}} of IP multicast addresses.
Example:
Device(config)# ip pim vrf VRF1 rp-address
10.1.0.2
Example:
Device(config)# ip pim vrf VRF1 ssm default
Step 9 interface lisp interface-number Selects a LISP interface to configure and enters interface
configuration mode.
Example:
Device(config)# interface lisp 22.10

Example:
Step 11 exit Exits interface configuration mode and enters global

configuration mode.
Example:

97
LISP Multicast
Verifying LISP Multicast

Step 12 interface interface-type interface-number Configures the LISP interface facing the site and enters
Example:
Device(config)# interface GigabitEthernet0/0/0
Step 13 vrf forwarding vrf-name Enables VRF forwarding on the interface.
Example:
Device(config-if)# vrf forwarding VRF1
Step 14 description string Configures a description text for the interface.
Example:
Device(config-if)# description Link To Site

Example:
Device(config-if)# ip pim sparse-mode.
Step 16 end Ends the current configuration session and returns to

privileged EXEC mode.
Example:

Perform this task to verify the configuration of LISP multicast routes on a device.
SUMMARY STEPS
1. show ip mroute multicast-ip-address

2. ping multicast-ip-address
DETAILED STEPS
Step 1 show ip mroute multicast-ip-address
Example:

98
LISP Multicast
The following example shows how the IP multicast routing table is displayed using the show ip mroute command:
Device# show ip mroute 239.4.4.4
IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.4.4.4), 00:06:25/00:02:39, RP 10.1.0.2, flags: SJCL

Incoming interface: Serial0/0, RPF nbr 10.1.0.2
Outgoing interface list:
Loopback2, Forward/Sparse, 00:06:24/00:02:39
(*, 224.0.1.40), 00:06:25/00:02:37, RP 10.1.0.2, flags: SJCL

Step 2 ping multicast-ip-address
Example:
The following example shows how to verify basic multicast network connectivity by pinging the multicast address:
Device# ping 239.4.4.4

Reply to request 0 from 192.168.0.1, 15 ms


99
LISP Multicast
Configuration Examples for LISP Multicast
Configuration Examples for LISP Multicast
Example: Configuring LISP Multicast

The following example shows how to configure LISP Multicast in the topology given below:
Figure 20: LISP Multicast Topology
Router 1
The following example shows how to configure LISP multicast in Router 1:
Device# show startup-config
!
ip multicast-routing
!
interface Loopback1
ip address 192.168.0.1 255.255.255.255
ip pim sparse-mode
ip igmp join-group 239.4.4.4
serial restart-delay 0
!
interface Loopback2
ip address 192.168.0.2 255.255.255.255
ip pim sparse-mode

100
LISP Multicast

!
interface Loopback3
ip address 192.168.0.3 255.255.255.255
ip pim sparse-mode
!
interface Serial0/0
ip address 10.1.0.1 255.255.255.0
ip pim sparse-mode
!
router rip
version 2
network 10.0.0.0
network 192.168.0.0
default-information originate
!
ip forward-protocol nd
!
ip pim rp-address 10.1.0.2
!
!
End
The following example shows how to verify the configuration of LISP multicast routes in Router 1:
Device# show ip mroute

x - VxLAN group
(*, 239.4.4.4), 00:00:49/00:02:16, RP 10.1.0.2, flags: SJCL

(*, 224.0.1.40), 00:00:49/00:02:11, RP 10.1.0.2, flags: SJCL

The following example shows how to verify basic multicast network connectivity from Router 1 by pinging
the multicast address:


101
LISP Multicast

xTR1
The following example shows how to configure LISP multicast in xTR1:
!
!
interface LISP0
ip pim sparse-mode
!
interface Serial1/0
ip address 10.1.0.2 255.255.255.0
ip pim sparse-mode
!
interface Serial2/0
ip address 10.2.0.1 255.255.255.0
!
router lisp
ipv4 itr
ipv4 etr map-server 10.14.0.14 key password123
ipv4 etr
exit
!
!
router rip
version 2
network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 10.2.0.2
!
Router 2
The following example shows how to configure LISP multicast in Router 2:
!
!
interface Loopback1
ip address 192.168.1.1 255.255.255.255
ip pim sparse-mode
!

102
LISP Multicast
interface Loopback2
ip address 192.168.1.2 255.255.255.255
ip pim sparse-mode
!
interface Loopback3
ip address 192.168.1.3 255.255.255.255
ip pim sparse-mode
!
interface Serial0/0
ip address 10.4.0.2 255.255.255.0
ip pim sparse-mode
!
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
!
ip forward-protocol nd
!
!
!
!
End
The following example shows how to verify the configuration of LISP multicast routes in Router 2:
Device# show ip mroute

x - VxLAN group
(*, 239.4.4.4), 00:12:59/00:02:01, RP 10.4.0.1, flags: SJCL

(*, 224.0.1.40), 00:12:59/00:02:03, RP 10.4.0.1, flags: SJCL


103
LISP Multicast
The following example shows how to verify basic multicast network connectivity from Router 2 by pinging
the multicast address:


xTR2
The following example shows how to configure LISP multicast in xTR2:
!
!
interface LISP0
ip pim sparse-mode
!
!
interface Serial1/0
ip address 10.3.0.2 255.255.255.0
!
interface Serial2/0
ip address 10.4.0.1 255.255.255.0
ip pim sparse-mode
!
!
router lisp
ipv4 itr
ipv4 etr map-server 10.14.0.14 key Amel
ipv4 etr
exit
!
router rip
version 2
network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 10.3.0.1
!
MS/MR
The following example shows how to configure LISP multicast in MS/MR:

104
LISP Multicast
Example: Configuring LISP Multicast in VRFs
!
!
interface Serial3/0
ip address 10.14.0.14 255.255.255.0
!
!
router lisp
site Site-A
authentication-key password123
eid-prefix 192.168.0.0/24
exit
!
site Site-B
authentication-key Amel
eid-prefix 192.168.1.0/24
exit
!
ipv4 map-server
ipv4 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.14.0.1
!
Core
The following example shows how to configure LISP multicast in the Core router:
!
!
interface Ethernet0/0
ip address 10.14.0.1 255.255.255.0
!
interface Serial1/0
ip address 10.2.0.2 255.255.255.0
!
interface Serial2/0
ip address 10.3.0.1 255.255.255.0
!
Example: Configuring LISP Multicast in VRFs

The following example shows how to enable and configure a simple LISP site with one IPv4 Routing locator
(RLOC) and one IPv4 Endpoint identifier (EID) using xTR, a device which functions both as an Ingress tunnel
router (ITR) and an Egress tunnel router (ETR), functionality and using a LISP map server and map resolver
for mapping services:
Device> enable
Device(config)# vrf definition VRF1
Device(config-vrf)# address-family ipv4
Device(config-vrf-af)# exit

105
LISP Multicast
Additional References for LISP Multicast
Device(config-vrf)# exit
Device(config)# ip multicast-routing vrf VRF1 [distributed]
Device(config)# ip pim vrf VRF1 ssm range LIST1
Device(config)# router lisp 22
Device(config-router-lisp)# eid-table vrf VRF1 instance-id 10
Device(config-router-lisp-eid-table)# database-mapping 198.51.100.0/24 192.0.2.10 priority
1 weight 100
Device(config-router-lisp-eid-table)# exit
Device(config-router-lisp)# ipv4 itr
Device(config-router-lisp)# ipv4 etr
Device(config-router-lisp)# ipv4 itr map-resolver 192.0.2.10
Device(config-router-lisp)# ipv4 etr map-server 192.0.2.10 key 0 some-key
Device(config-router-lisp)# exit
Device(config)# interface lisp 22.10
Device(config)# ip route 0.0.0.0 0.0.0.0 192.0.2.20
Device(config)# end
Additional References for LISP Multicast

The following sections provide references related to the Locator ID Separation Protocol.
Related Documents

Cisco IOS commands Cisco IOS Master Command List, All Releases
LISP commands Cisco IOS IP Routing: LISP Command Reference
Standards
Standard Title
Address family numbers IANA Address Family Numbers
MIBs
MIB MIBs Link

None To locate and download MIBs for selected platforms,

106
LISP Multicast
Feature Information for LISP Multicast
RFCs
RFC Title
RFC 6830 Locator/ID Separation Protocol (LISP) http://
tools.ietf.org/html/
RFC 6831 LISP Multicast http://tools.ietf.org/html/rfc6831
RFC 6832 Interworking LISP and Non-LISP Sites http://

tools.ietf.org/html/rfc6832
RFC 6833 LISP Map Server Interface http://tools.ietf.org/html/

rfc6833
RFC 6834 LISP Map-Versioning http://tools.ietf.org/html/

rfc6834
RFC 6835 LISP Internet Groper http://tools.ietf.org/html/rfc6835
RFC 6836 LISP Alternative Topology (LISP+ALT) http://

tools.ietf.org/html/rfc6836
Description Link


107
LISP Multicast
Table 3: Feature Information for LISP Multicast

LISP Multicast Cisco IOS XE Release 3.13S The LISP Multicast feature
introduces support for carrying
multicast traffic over a Locator ID
Separation Protocol (LISP) overlay
and allows source multicast sites
and receiver multicast sites to send
and receive multicast packets over
a unicast RLOC core.

108
CHAPTER 5
LISP Shared Model Virtualization
This guide describes how to configure Locator ID Separation Protocol (LISP) shared model virtualization
using Software on all LISP-related devices, including the Egress Tunnel Router, Ingress Tunnel Router
(ITR), Proxy ETR (PETR), Proxy ITR (PITR), Map Resolver (MR), and Map Server (MS).
LISP implements a new routing architecture that utilizes a "level of indirection" to separate an IP address
into two namespaces: Endpoint Identifiers (EIDs), which are assigned to end-hosts, and Routing Locators
(RLOCs), which are assigned to devices (primarily routers) that make up the global routing system. Splitting
EID and RLOC functions yields several advantages including: improved routing system scalability,
multihoming with ingress traffic engineering; efficient IPv6 Transition support; high-scale
virtualization/multitenancy support; data center/VM-mobility support, including session persistence across
mobility events; and seamless mobile node support.

• Information About LISP Shared Model Virtualization, page 110
• How to Configure LISP Shared Model Virtualization, page 115
• Configuration Examples for LISP Shared Model Virtualization, page 146
• Feature Information for LISP Shared Model Virtualization, page 148


109
Information About LISP Shared Model Virtualization
Information About LISP Shared Model Virtualization
Overview of LISP Virtualization

Deploying physical network infrastructure requires both capital investments for hardware, as well as manpower
investments for installation and operational management support. When distinct user groups within an
organization desire to control their own networks, it rarely makes economic sense for these user groups to
deploy and manage separate physical networks. Physical plants are rarely utilized to their fullest, resulting in
stranded capacity (bandwidth, processor, memory, etc.). In addition, the power, rack space, and cooling needs
to physical plants do not satisfy modern “green” requirements. Network virtualization offers the opportunity
to satisfy organizational needs, while efficiently utilizing physical assets.
The purpose of network virtualization, as shown in the figure below, is to create multiple, logically separated
topologies across one common physical infrastructure.
When considering the deployment of a virtualized network environment, take into account both the device
and the path level.
Device Level Virtualization

Virtualization at the device level entails the use of the virtual routing and forwarding (VRF) to create multiple
instances of Layer 3 routing tables, as illustrated in the figure below. VRFs provide segmentation across IP
addresses, allowing for overlapped address space and traffic separation. Separate routing, QoS, security, and
management policies can be applied to each VRF instance. An IGP or EGP routing process is typically enabled

110
within a VFR, just as it would be in the global (default) routing table. As described in detail below, LISP
binds VRFs to instance IDs for similar purposes.
Figure 22: Device Level Virtualization
Path Level Virtualization

VRF table separation is maintained across network paths using any number of traditional mechanisms, as
illustrated in the figure below. Single-hop path segmentation (hop-by-hop) is typically accomplished by
techniques such as 802.1q VLANs, VPI/VCI PW, or EVN. LISP can also be used. Traditional multi-hop
mechanisms include MPLS and GRE tunnels. As described in detail below, LISP binds VRFs to instance IDs
(IIDs), and then these IIDs are included in the LISP header to provide data plane (traffic flow) separation for
single or multihop needs.
Figure 23: Path Level Virtualization

111
LISP Virtualization at the Device Level

Recalling that LISP implements Locator ID separation and, in so doing, creates two namespaces (EIDs and
RLOCs), it is easy to see that LISP virtualization can consider both EID and RLOC namespaces for
virtualization. That is, either or both can be virtualized.
• EID virtualization—Enabled by binding a LISP instance ID to an EID VRF. Instance IDs are numerical
tags defined in the LISP canonical address format (LCAF) draft, and are used to maintain address space
segmentation in both the control plane and data plane.
• RLOC virtualization—Tying locator addresses and associated mapping services to the specific VRF
within which they are reachable enables RLOC virtualization.
Because LISP considers virtualization of both EID and RLOC namespaces, two models of operation are
defined: shared model and parallel model. For completeness, the discussions below begin first with a review
of the default (non-virtualized) model of LISP, and then cover the details of shared and parallel models.
Default (Non-Virtualized) LISP Model

By default, LISP is not virtualized in either EID space or RLOC space. That is, unless otherwise configured,
both EID and RLOC addresses are resolved in the default (global) routing table. This concept is illustrated in
the figure below.
Figure 24: Default (Non-Virtualized) LISP Model (Resolves Both EID and RLOC Addresses in the Default (Global) Routing
Table.
As shown in the figure above, both EID and RLOC addresses are resolved in the default table. The mapping
system must also be reachable via the default table. This default model can be thought of as a single instantiation
of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace
such as is the case in this default table.

112

LISP shared model virtualized EID space is created by binding VRFs associated with an EID space to Instance
IDs. A common, shared locator space is used by all virtualized EIDs. This concept is illustrated in the figure
below.
Figure 25: LISP shared model virtualization resolves EIDs within VRFs tied to Instance IDs. RLOC addresses are resolved
in a common (shared) address space. The default (global) routing table is shown as the shared space.
As shown in the figure above, EID space is virtualized through its association with VRFs, and these VRFs
are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, shared locator
space, the default (global) table as shown in the figure above, is used to resolve RLOC addresses for all
virtualized EIDs. The mapping system must also be reachable via the common locator space.
LISP Shared Model Virtualization Architecture

Architecturally, LISP shared model virtualization can be deployed in single or multitenancy configurations.
In the shared model single tenancy case, xTRs are dedicated to a customer but share infrastructure with other

113
LISP Shared Model Virtualization Architecture
customers. Each customer and all sites associated with it use the same instance ID and are part of a VPN using
their own EID namespace as shown in the figure below.
Figure 26: In a LISP shared model single tenancy use case, customers use their own xTRs and a shared common core
network and mapping system. LISP instance IDs segment the LISP data plane and control plane.
In the shared model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers. These
customers also share a common infrastructure with other single and multitenant customers. Each customer
and all sites associated with it use the same instance ID and are part of a VPN using their own EID namespace
as shown in the figure below.
Figure 27: In a LISP shared model multitenancy use case, customer's use shared xTRs and a shared common core network
and mapping system. LISP instance IDs segment the LISP data plane and control plane.

114
LISP Shared Model Virtualization Implementation Considerations and Caveats
LISP Shared Model Virtualization Implementation Considerations and Caveats

When LISP Shared Model is implemented, several important considerations and caveats are important. Instance
IDs must be unique to an EID VRF. Review the example below:
xTR-1(config)# vrf definition alpha
xTR-1(config-vrf)# address-family ipv4
xTR-1(config-vrf-af)# exit
xTR-1(config)# vrf definition beta
xTR-1(config-vrf)# exit
xTR-1(config)# router lisp
xTR-1(config-router-lisp)# eid-table vrf alpha instance-id 101
xTR-1(config-router-lisp-eid-table)# exit
xTR-1(config-router-lisp)# eid-table vrf beta instance-id 101
Instance ID 101 is bound to the vrf alpha EID table.
In the above example, two EID VRFs are created: alpha and beta. Under the router lisp command, an EID
table VRF named alpha is specified and associated with the instance ID 101. Next, an EID table VRF named
beta is specified and also associated with the instance ID 101. As indicated by the router, this is not permissible
since instance ID 101 is already associated with the EID VRF named alpha. That is, you cannot connect the
same instance-id to more than one EID VRF.
How to Configure LISP Shared Model Virtualization
Configure Simple LISP Shared Model Virtualization

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality with LISP map server and map
resolver to implement LISP shared model virtualization. This LISP shared model reference configuration is
for a very simple two-site LISP topology, including xTRs and an MS/MR.
The configuration implemented in this task and illustrated in the figure below shows a basic LISP shared
model virtualization solution. In this example, two LISP sites are deployed, each containing two VRFs:

115
PURPLE and GOLD. LISP is used to provide virtualized connectivity between these two sites across a common
IPv4 core, while maintaining address separation between the two VRFs.
Figure 28: Simple LISP Site with virtualized IPv4 and IPv6 EIDs and a shared IPv4 core
Each LISP Site uses a single edge router configured as both an ITR and ETR (xTR), with a single connection
to its upstream provider. The RLOC is IPv4, and IPv4 and IPv6 EID prefixes are configured. Each LISP site
registers to a map server/map resolver (MS/MR) device located in the network core within the shared RLOC
address space. The topology used in this most basic LISP configuration is shown in the figure above.
The components illustrated in the topology shown in the figure above are described below:
• LISP site:
• Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and
IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration
purposes. A LISP instance-id is used to maintain separation between two VRFs. Note that in this
example, the share key is configured "per-site" and not "per-VRF." (Case 2 illustrates a configuration
where the shared key is per-VPN.)
• Each LISP xTR has a single RLOC connection to a shared IPv4 core network.
• Mapping system:
• One map server/map resolver system is shown in the figure above and assumed available for the
LISP xTR to register to. The MS/MR has an IPv4 RLOC address of 10.0.2.2, within the shared
IPv4 core.
• The map server site configurations are virtualized using LISP instance-ids to maintain separation
between the two VRFs.
and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The

116
Before You Begin

The configuration below assumes that the referenced VRFs were created using the vrf definition command.
SUMMARY STEPS
2. router lisp
3. eid-table vrfvrf-name instance-id instance-id
4. Do one of the following:
5. Repeat Step 4 until all EID-to-RLOC mappings for the LISP site are configured.
6. exit
7. ipv4 itr
8. ipv4 etr
11. ipv6 itr
12. ipv6 etr
15. exit
17. exit
DETAILED STEPS

Example:
Example:

117

Step 3 eid-table vrfvrf-name instance-id instance-id Configures an association between a VRF table and a LISP instance ID,
and enters eid-table configuration submode.
Example: • In this example, the VRF table GOLD and instance-id 102 are
Router(config-router-lisp)# eid-table associated together.
vrf GOLD instance-id 102
Step 4 Do one of the following: Configures an EID-to-RLOC mapping relationship and its associated
traffic policy for this LISP site.
• database-mapping
EID-prefix/prefix-length locator priority • In the first example, a single IPv4 EID prefix, 192.168.1.0/24, is
priority weight weight being associated with the single IPv4 RLOC 10.0.0.2.
• database-mapping • In the second example, the alternative configuration shows the use
EID-prefix/prefix-length locator priority of the dynamic interface form of the database-mapping command.
priority weight weight This form is useful when the RLOC address is obtained dynamically,
such as via DHCP.
Example:
Router(config-router-lisp-eid-table)#
Example:
ipv4-interface Ethernet0/0 priority 1
weight 100
Step 5 Repeat Step 4 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated
mappings for the LISP site are configured. traffic policy for this LISP site.
Example:
database-mapping 2001:db8:b:a::/64
Step 6 exit Exits eid-table configuration submode and returns to LISP configuration
mode.
Example:
exit
Example:

118

Example:
router will send map request messages for IPv4 EID-to-RLOC mapping
connectivity, the map resolver is reachable using its IPv4 locator
address. (See the LISP Command Reference Guide for more details.)

resolvers are available. (See the LISP Command Reference Guide
for more details.)
Step 10 ipv4 etr map-server map-server-address key Configures a locator address for the LISP map server and an authentication
key-type authentication-key key for which this router, acting as an IPv4 LISP ETR, will use to register
with the LISP mapping system.
Example: • The map server must be configured with EID prefixes and instance
Router(config-router-lisp)# ipv4 etr IDs matching those configured on this ETR and with an identical
map-server 10.0.2.2 key 0 Left-key authentication key.
connectivity, the map-server is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more
details.)
Example:
Example:
router will send map request messages for IPv6 EID-to-RLOC mapping
connectivity, the map-resolver is reachable using its IPv4 locator

119

details.)

for more details.)
Step 14 ipv6 etr map-server map-server-address key Configures a locator address for the LISP map-server and an authentication
key-type authentication-key key that this router, acting as an IPv6 LISP ETR, will use to register to
the LISP mapping system.
Example: • The map-server must be configured with EID prefixes and instance
Router(config-router-lisp)# ipv6 etr IDs matching those configured on this ETR and with an identical
map-server 10.0.2.2 key 0 Left-key authentication key.
Note The locator address of the map-server may be an IPv4 or IPv6

details.)
Example:
destinations.
Example: • All IPv4 EID-sourced packets destined to both LISP and non-LISP
Router(config)# ip route 0.0.0.0 sites are forwarded in one of two ways:
0.0.0.0 10.0.0.1

they are sourced from a LISP EID and the destination matches one
of the following entries:
• no route at all

connectivity, a default route to the upstream SP is used for all IPv4 packets
to support LISP processing.

120

Example:
Example:
The examples below show the complete configuration for the LISP topology illustrated in the figure shown
above the task steps and follows the examples in the steps in this task. On the xTRs, the VRFs and EID prefixes
are assumed to be attached to VLANs configured on the devices.
Example configuration for the Left xTR:
hostname Left-xTR
!
!
vrf definition PURPLE
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
ip address 10.0.0.2 255.255.255.0
!
interface Ethernet1/0.1
encapsulation dot1q 101
vrf forwarding PURPLE
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:A:A::1/64
!
vrf forwarding GOLD
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:B:A::1/64
!
router lisp
eid-table vrf PURPLE instance-id 101
database-mapping 2001:DB8:A:A::/64 10.0.0.2 priority 1 weight 1
eid-table vrf GOLD instance-id 102
database-mapping 2001:DB8:B:A::/64 10.0.0.2 priority 1 weight 1
exit
!
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Left-key
ipv4 etr
ipv6 itr

121
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
Example configuration for Right xTR:
hostname Right-xTR
!
!
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
ip address 10.0.1.2 255.255.255.0
!
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:A:B::1/64
!
vrf forwarding GOLD
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:B:B::1/64
!
router lisp
database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1
exit
!
ipv4 itr
ipv4 etr map-server 10.0.2.2 key Right-key
ipv4 etr
ipv6 itr
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
Configuring a Private LISP Mapping System for LISP Shared Model Virtualization
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP
shared model virtualization. In this task, a Cisco router is configured as a standalone map server/map resolver
(MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone device, it
has no need for LISP Alternate Logical Topology (ALT) connectivity. All relevant LISP sites must be

122
configured to register with this map server so that this map server has full knowledge of all registered EID
Prefixes within the (assumed) private LISP system.
SUMMARY STEPS
1. enable
3. router lisp
4. site site-name
6. eid-prefix instance-id instance-id EID-prefix
8. exit
10. ipv4 map-server
12. ipv6 map-server
13. end
DETAILED STEPS

Example:
Router> enable
Example:
Step 3 router lisp Enters LISP configuration mode (IOS only).
Example:
Step 4 site site-name Specifies a LISP site named Left and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on
Router(config-router-lisp)# site Left which it is configured. It has no relevance anywhere else.
This name is used solely as an administrative means of
associating EID-prefix or prefixes with an authentication
key and other site-related mechanisms.

123

Step 5 authentication-key [key-type] Configures the password used to create the SHA-2 HMAC hash for
authentication-key authenticating the map register messages sent by an ETR when
registering to the map server.
Example: Note The LISP ETR must be configured with an identical
Router(config-router-lisp-site)# authentication key as well as matching EID prefixes and
authentication-key 0 Left-key instance IDs.
Step 6 eid-prefix instance-id instance-id EID-prefix Configures an EID prefix and instance ID that are allowed in a map
register message sent by an ETR when registering to this map server.
Example: Repeat this step as necessary to configure additional EID prefixes
under this LISP site.
eid-prefix instance-id 102 192.168.1.0/24 • In this example, the IPv4 EID prefix 192.168.1.0/24 and
instance ID 102 are associated together. To complete this task,
an IPv6 EID prefix is required.
Example: • In this example, the IPv6 EID prefix 2001:db8:a:b::/64 and
Router(config-router-lisp-site)# instance ID 102 are associated together.
eid-prefix instance-id 102
2001:db8:a:b::/64
mode.
Example:
family.
Example:
map-resolver
family.
Example:
map-server
family.
Example:
map-resolver

124
Configure Large-Scale LISP Shared Model Virtualization

family.
Example:
map-server
Step 13 end Exits LISP configuration mode and returns to privileged EXEC mode.
Example:
Router(config-router-lisp)# end
Example:
Example configuration for the map server/map resolver.
hostname MSMR
!
ip address 10.0.2.2 255.255.255.0
!
router lisp
!
site Left
authentication-key Left-key
eid-prefix instance-id 101 192.168.1.0/24
eid-prefix instance-id 101 2001:DB8:A:A::/64
eid-prefix instance-id 102 2001:DB8:B:A::/64
exit
!
site Right
authentication-key Right-key
eid-prefix instance-id 101 2001:DB8:A:B::/64
eid-prefix instance-id 102 2001:DB8:B:B::/64
exit
!
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.2.1

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality with LISP map server and map
resolver to implement LISP shared model virtualization. This LISP shared model reference configuration is
for a large-scale, multiple-site LISP topology, including xTRs and multiple MS/MRs.

125
The configuration demonstrated in this task shows a more complex, larger scale LISP virtualization solution.
In this task, an enterprise is deploying LISP Shared Model where EID space is virtualized over a shared,
common core network. A subset of their entire network is illustrated in Figure 12. In this figure, three sites
are shown: a multihomed "Headquarters" (HQ) site, and two remote office sites. The HQ site routers are
deployed as xTRs and also as map resolver/map servers. The remote site routers only act as xTRs, and use
the MS/MRs at the HQ site for LISP control plane support.
Figure 29: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
• LISP site:
• Each CPE router functions as a LISP ITR and ETR (xTR), as well as a Map-Server/Map-Resolver
(MS/MR).
• Both LISP xTRs have three VRFs: TRANS (for transactions), SOC (for security operations), and
FIN (for financials). Each VRF contains only IPv4 EID-prefixes. Note that no overlapping prefixes
are used, but segmentation between each VRF by LISP instance-ids makes this possible. Also note
that in this example, the separate authentication key is configured “per-vrf ? and not “per-site. ?
This affects both the xTR and MS configurations.
• The HQ LISP Site is multi-homed to the shared IPv4 core, but each xTR at the HQ site has a single
RLOC.
• Each CPE also functions as an MS/MR to which the HQ and Remote LISP sites can register.
• The map server site configurations are virtualized using LISP instance IDs to maintain separation
between the three VRFs.

126
• LISP remote sites:

• Each remote site CPE router functions as a LISP ITR and ETR (xTR).
• Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF
contains only IPv4 EID-prefixes.
• Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.
Before You Begin

SUMMARY STEPS
2. router lisp
3. site site-name
5. eid-prefix instance-id instance-id EID-prefix/prefix-length accept-more-specifics
6. exit
7. Repeat steps 3 through 6 for each LISP site to be configured.
9. ipv4 map-server
12. Repeat Step 11 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for the LISP
site are configured.
14. Repeat Step 13 to configure another locator address for the same LISP map server
15. exit
17. Repeat Step 16 to configure another locator address for the LISP map resolver
18. ipv4 itr
19. ipv4 etr
20. exit
22. exit

127
DETAILED STEPS

Example:
Example:
Step 3 site site-name Specifies a LISP site named TRANS and enters LISP site configuration
mode.
Example: Note A LISP site name is locally significant to the map server on which
Router(config-router-lisp)# site it is configured. It has no relevance anywhere else. This name is
TRANS used solely as an administrative means of associating EID-prefix
or prefixes with an authentication key and other site-related
mechanisms.
authentication-key authenticating the map register messages sent by an ETR when registering
to the map server.
Example: Note The LISP ETR must be configured with an identical authentication
Router(config-router-lisp-site)# key as well as matching EID prefixes and instance IDs.
authentication-key 0 TRANS-key
Step 5 eid-prefix instance-id instance-id Configures an EID prefix and instance ID that are allowed in a map register
EID-prefix/prefix-length message sent by an ETR when registering to this map server. Repeat this
accept-more-specifics step as necessary to configure additional EID prefixes under this LISP site.
• In the example, EID-prefix 10.1.0.0/16 and instance-id 1 are associated
Example: together. The EID-prefix 10.1.0.0/16 is assumed to be an aggregate
Router(config-router-lisp-site)# covering all TRANS EID-prefixes at all LISP Sites. The keyword
eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics is needed in this case to allow each site to
accept-more-specifics
register its more-specific EID-prefix contained within that aggregate.
If aggregation is not possible, simply enter all EID-prefixes integrated
within instance-id 1.
Step 6 exit Exits LISP site configuration mode and returns to LISP configuration mode.
Example:

128

Step 7 Repeat steps 3 through 6 for each LISP site In this example, steps 3 through 6 would be repeated for the site SOC and
to be configured. FIN as illustrated in the complete configuration example at the end of this
task.
Step 8 ipv4 map-resolver Enables LISP map resolver functionality for EIDs in the IPv4 address family.
Example:
map-resolver
Step 9 ipv4 map-server Enables LISP map server functionality for EIDs in the IPv4 address family.
Example:
map-server
Step 10 eid-table vrfvrf-name instance-id Configures an association between a VRF table and a LISP instance ID,
instance-id and enters eid-table configuration submode.
• In this example, the VRF table TRANS and instance-id 1 are associated
Example: together.
Router(config-router-lisp)# eid-table
vrf TRANS instance-id 1
• In this example, the EID prefix 10.1.1.0/24 within instance-id 1 at this
Example: site is associated with the local IPv4 RLOC 172.16.1.2, as well as with
Router(config-router-lisp-eid-table)# the neighbor xTR RLOC 172.6.1.6.
Step 12 Repeat Step 11 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
mappings within this eid-table vrf and policy for this LISP site.
instance ID for the LISP site are configured.
Example:
key key-type authentication-key key for which this router, acting as an IPv4 LISP ETR, will use to register
Example: • In this example, the map server and authentication-key are specified
Router(config-router-lisp-eid-table)# here, within the eid-table subcommand mode, so that the authentication
ipv4 etr map-server 172.16.1.2 key key is associated only with this instance ID, within this VPN.
0 TRANS-key

129

Note The map server must be configured with EID prefixes and
instance-ids matching the one(s) configured on this ETR, as well
as an identical authentication key.
connectivity, the map server is reachable using its IPv4 locator
details.)
Step 14 Repeat Step 13 to configure another locator Configures a locator address for the LISP map server and an authentication
address for the same LISP map server key for which this router, acting as an IPv4 LISP ETR, will use to register
Example: • In this example, a redundant map server is configured. (Because the
Router(config-router-lisp-eid-table)# MS is co-located with the xTRs in this case, this command indicates
ipv4 etr map-server 172.16.1.6 key that this xTR is pointing to itself for registration (and its neighbor
0 TRANS-key
xTR/MS/MR at the same site).
mode.
Example:
exit
Step 16 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which this router
will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
Example: • In this example, the map resolver is specified within router lisp
Router(config-router-lisp)# ipv4 itr configuration mode and inherited into all eid-table instances since
map-resolver 172.16.1.2 nothing is related to any single instance ID. In addition, redundant
map resolvers are configured. (Because the MR is co-located with the
xTRs in this case, this command indicates that this xTR is pointing to
itself for mapping resolution (and its neighbor xTR/MS/MR at the
same site).
• The locator address of the map resolver may be an IPv4 or IPv6

for more details.)
Step 17 Repeat Step 16 to configure another locator Configures a locator address for the LISP map resolver to which this router
address for the LISP map resolver will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
• In this example, a redundant map resolver is configured. (Because the
Example: MR is co-located with the xTRs in this case, this command indicates
Router(config-router-lisp)# ipv4 itr that this xTR is pointing to itself for mapping resolution (and its
map-resolver 172.16.1.6 neighbor xTR/MS/MR at the same site).

130


for more details.)
Example:
Example:
Example:

• no route at all
LISP processing.

131

Example:
Example:
The examples below show the complete configuration for the HQ-RTR-1 and HQ-RTR-2 (xTR/MS/MR
located at the HQ Site), and Site2-xTR LISP devices illustrated in the figure above and in this task. Note that
both HQ-RTR-1 and HQ-RTR-2 are provided in order to illustrate the proper method for configuring a LISP
multihomed site.
Example configuration for HQ-RTR-1 with an xTR, a map server and a map resolver:
hostname HQ-RTR-1
!
vrf definition TRANS
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
description Management Loopback (in default space)
ip address 172.31.1.11 255.255.255.255
!
description WAN Link to IPv4 Core
ip address 172.16.1.2 255.255.255.252
negotiation auto
!
vrf forwarding TRANS
ip address 10.1.1.1 255.255.255.0
negotiation auto
!
vrf forwarding SOC
ip address 10.2.1.1 255.255.255.0
negotiation auto
!
vrf forwarding FIN
ip address 10.3.1.1 255.255.255.0
negotiation auto
!
router lisp
eid-table default instance-id 0
ipv4 etr map-server 172.16.1.2 key DEFAULT-key
exit

132
!
eid-table vrf TRANS instance-id 1
ipv4 etr map-server 172.16.1.2 key TRANS-key
exit
!
eid-table vrf SOC instance-id 2
ipv4 etr map-server 172.16.1.2 key SOC-key
exit
!
eid-table vrf FIN instance-id 3
ipv4 etr map-server 172.16.1.2 key FIN-key
exit
!
site DEFAULT
authentication-key DEFAULT-key
eid-prefix 172.31.1.0/24 accept-more-specifics
exit
!
site TRANS
authentication-key TRANS-key
eid-prefix instance-id 1 10.1.0.0/16 accept-more-specifics
exit
!
site SOC
authentication-key SOC-key
exit
!
site FIN
authentication-key FIN-key
exit
!
ipv4 map-server
ipv4 map-resolver
ipv4 itr
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
Example configuration for HQ-RTR-2 with an xTR, a map server and a map resolver:
hostname HQ-RTR-2
!
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
ip address 172.31.1.12 255.255.255.255
!

133

ip address 172.16.1.6 255.255.255.252
negotiation auto
!
ip address 10.1.1.2 255.255.255.0
negotiation auto
!
vrf forwarding SOC
ip address 10.2.1.2 255.255.255.0
negotiation auto
!
vrf forwarding FIN
ip address 10.3.1.2 255.255.255.0
negotiation auto
!
router lisp
exit
!
exit
!
exit
!
exit
!
site DEFAULT
authentication-key DEFAULT-key
exit
!
site TRANS
authentication-key TRANS-key
exit
!
site SOC
authentication-key SOC-key
exit
!
site FIN
authentication-key FIN-key
exit
!
ipv4 map-server
ipv4 map-resolver
ipv4 itr

134
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 172.16.1.5
Configure a Remote Site for Large-Scale LISP Shared Model Virtualization

Perform this task to enable and configure LISP ITR/ETR (xTR) functionality at a remote site to implement
LISP shared model virtualization as part of a large-scale, multiple-site LISP topology.
The configuration demonstrated in this task is part of a more complex, larger scale LISP virtualization solution.
In this task, the configuration applies to one of the remote sites shown in the figure below. In this task, the
remote site routers only act as xTRs, and use the MS/MRs at the HQ site for LISP control plane support.
Figure 30: Large Scale LISP Site with Virtualized IPv4 EIDs and a Shared IPv4 Core
• LISP remote sites:
• Each remote site CPE router functions as a LISP ITR and ETR (xTR).
• Each LISP xTRs has the same three VRFs as the HQ Site: TRANS, SOC, and FIN. Each VRF
contains only IPv4 EID-prefixes.
• Each remote site LISP xTR has a single RLOC connection to a shared IPv4 core network.

135
Before You Begin

The configuration below assumes that the referenced VRFs were created using the vrf definition command
and that the Configure a Large-Scale LISP Shared Model Virtualization task has been performed at one or
more central (headquarters) sites.
SUMMARY STEPS
2. router lisp
6. Repeat Step 13 to configure another locator address for the same LISP map server
7. exit
9. Repeat Step 16 to configure another locator address for the LISP map resolver
10. ipv4 itr
11. ipv4 etr
12. exit
14. exit
DETAILED STEPS

Example:
Example:
Step 3 eid-table vrfvrf-name instance-id Configures an association between a VRF table and a LISP instance ID, and
instance-id enters eid-table configuration submode.
• In this example, the VRF table TRANS and instance-id 1 are associated
Example: together.
vrf TRANS instance-id 1

136

• In this example, the EID prefix 10.1.2.0/24 within instance-id 1 at this
Example: site is associated with the local IPv4 RLOC 172.16.2.2.
Router(config-router-lisp-eid-table)# Note Repeat this step until all EID-to-RLOC mappings within this
172.16.2.2 priority 1 weight 100 eid-table vrf and instance ID for the LISP site are configured.
Example: • In this example, the map server and authentication-key are specified
Router(config-router-lisp-eid-table)# here, within the eid-table subcommand mode, so that the authentication
ipv4 etr map-server 172.16.1.2 key key is associated only with this instance ID, within this VPN.
0 TRANS-key
Note The map server must be configured with EID prefixes and
instance-ids matching the one(s) configured on this ETR, as well
as an identical authentication key.
connectivity, the map server is reachable using its IPv4 locator
details.)
Step 6 Repeat Step 13 to configure another locator Configures a locator address for the LISP map server and an authentication
address for the same LISP map server key for which this router, acting as an IPv4 LISP ETR, will use to register
Example: • In this example, a redundant map server is configured. (Because the
Router(config-router-lisp-eid-table)# MS is co-located with the xTRs in this case, this command indicates
ipv4 etr map-server 172.16.1.6 key that this xTR is pointing to itself for registration (and its neighbor
0 TRANS-key
xTR/MS/MR at the same site).
mode.
Example:
exit
Router(config-router-lisp)# ipv4 itr configuration mode and inherited into all eid-table instances since
map-resolver 172.16.1.2 nothing is related to any single instance ID. In addition, redundant map
resolvers are configured. (Because the MR is co-located with the xTRs
in this case, this command indicates that this xTR is pointing to itself
for mapping resolution (and its neighbor xTR/MS/MR at the same site).
In this example, because each xTR has only IPv4 RLOC connectivity,

137

the map resolver is reachable using its IPv4 locator address. (See the
LISP Command Reference Guide for more details.)

are available. (See the LISP Command Reference Guide for more
details.)
Step 9 Repeat Step 16 to configure another locator Configures a locator address for the LISP map resolver to which this router
address for the LISP map resolver will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
• In this example, a redundant map resolver is configured. (Because the
Example: MR is co-located with the xTRs in this case, this command indicates
Router(config-router-lisp)# ipv4 itr that this xTR is pointing to itself for mapping resolution (and its
map-resolver 172.16.1.6 neighbor xTR/MS/MR at the same site).
In this example, because each xTR has only IPv4 RLOC connectivity,
the map resolver is reachable using its IPv4 locator address. (See the
LISP Command Reference Guide for more details.)

are available. (See the LISP Command Reference Guide for more
details.)
Example:
Example:
Example:

138

• no route at all
LISP processing.
Example:
Example:
The example below show the complete configuration for the remote site device illustrated in the figure above
and in this task. Note that only one remote site configuration is shown here.
Example configuration for Site 2 with an xTR, and using the map server and a map resolver from the HQ site:
hostname Site2-xTR
!
address-family ipv4
exit
!
vrf definition SOC
address-family ipv4
exit
!
vrf definition FIN
address-family ipv4
exit
!
interface Loopback0
ip address 172.31.1.2 255.255.255.255
!
ip address 172.16.2.2 255.255.255.252
negotiation auto
!
ip address 10.1.2.1 255.255.255.0
negotiation auto
!
vrf forwarding SOC

139
Verifying and Troubleshooting LISP Virtualization
ip address 10.2.2.1 255.255.255.0

negotiation auto
!
vrf forwarding FIN
ip address 10.3.2.1 255.255.255.0
negotiation auto
!
router lisp
exit
!
exit
!
exit
!
exit
!
ipv4 itr
ipv4 etr
exit
!
ip route 0.0.0.0 0.0.0.0 172.16.2.1

After configuring LISP, verifying and troubleshooting LISP configuration and operations may be performed
by following the optional steps described below. Note that certain verification and troubleshooting steps may
only apply to certain types of LISP devices.

140
In this task, the topology is shown in the figure below and the configuration is from the “Configure Simple
LISP Shared Model Virtualization” task, but the commands are applicable to both LISP shared and parallel
model virtualization.
Figure 31: Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 Core
Note The following examples do not show every available command and every available output display. Refer
to the Cisco IOS LISP Command Reference for detailed explanations of each command.
SUMMARY STEPS
1. enable
5. show [ip | ipv6] lisp database [eid-table vrf vrf-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
DETAILED STEPS
Step 1 enable

141
Example:
Router> enable

device. This command applies to any LISP device. The following is sample output from the show running-config |
section router lisp command when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and a
shared IPv4 core:
Example:
router lisp
exit
!
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
exit

configured on the device, as applicable to the IPv4 and IPv6 address families respectively. This command applies to any
LISP device.
Example:
The first example shows a summary of LISP operational status and IPv6 address family information by EID table:
Router# show ipv6 lisp eid-table summary
Instance count: 2
Key: DB - Local EID Database entry count (@ - RLOC check pending
* - RLOC consistency problem),
DB no route - Local EID DB entries with no matching RIB route,
Cache - Remote EID mapping cache size, IID - Instance ID,
Role - Configured Role
Interface DB DB no Cache Incom Cache

EID VRF name (.IID) size route size plete Idle Role
PURPLE LISP0.101 1 0 1 0.0% 0.0% ITR-ETR
GOLD LISP0.102 1 0 1 0.0% 0.0% ITR-ETR
Example:
The second example shows LISP operational status and IPv6 address family information for the VRF named PURPLE:
Router# show ipv6 lisp eid-table vrf PURPLE

142
Instance ID: 101

Router-lisp ID: 0
Locator table: default
EID table: PURPLE
Map-Request source: 2001:DB8:A:A::1
ITR Map-Resolver(s): 10.0.2.2
ETR Map-Server(s): 10.0.2.2 (00:00:24)
ITR use proxy ETR RLOC(s): none
Example:
The third example shows LISP operational status and IPv6 address family information for the instance ID of 101:
Router# show ipv6 lisp instance-id 101
Instance ID: 101

ETR Map-Server(s): 10.0.2.2 (00:00:11)
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 60 secs

status of the map cache on a device configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families
respectively.
Example:
The following example shows IPv6 mapping cache information based on a configuration when a simple LISP site is
configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core. This example output assumes that a
map-cache entry has been received for another site with the IPv6 EID prefix 2001:db8:b:b::/64.
Router# show ip lisp map-cache eid-table vrf GOLD
LISP IPv6 Mapping Cache for EID-table vrf GOLD (IID 102), 2 entries

2001:DB8:B:B::/64, uptime: 00:00:10, expires: 23:59:42, via map-reply, complete
10.0.1.2 00:00:10 up 1/1
Step 5 show [ip | ipv6] lisp database [eid-table vrf vrf-name]
The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the operational
status of the database mapping on a device configured as an ETR, as applicable to the IPv4 and IPv6 address families
respectively.

143
Example:
The following example shows IPv6 mapping database information for the VRF named GOLD.
Router# show ipv6 lisp database eid-table vrf GOLD
LISP ETR IPv6 Mapping Database for EID-table vrf GOLD (IID 102), LSBs: 0x1, 1 entries
EID-prefix: 2001:DB8:B:A::/64
10.0.0.2, priority: 1, weight: 1, state: site-self, reachable
server. This command only applies to a device configured as a map server. The following example output is based on a
configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information
for the instance ID of 101.
Example:
Router# show lisp site instance-id 101
Site Name Last Up Who Last Inst EID Prefix

Register Registered ID
Left 00:00:36 yes 10.0.0.2 101 192.168.1.0/24
00:00:43 yes 10.0.0.2 101 2001:DB8:A:A::/64
Right 00:00:31 yes 10.0.1.2 101 192.168.2.0/24
00:00:02 yes 10.0.1.2 101 2001:DB8:A:B::/64
Example:
This second example shows LISP site information for the IPv6 EID prefix of 2001:db8:a:a:/64 and instance ID of 101.
Router# show lisp site 2001:db8:a:a:/64 instance-id 101
Site name: Left

Requested EID-prefix:
EID-prefix: 2001:DB8:A:A::/64 instance-id 101
ETR 10.0.0.2, last registered 00:00:22, no proxy-reply, no map-notify
TTL 1d00h
10.0.0.2 yes up 1/1
Step 7 lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
query for the indicated destination hostname or EID, or the routers local EID-prefix. This command provides a simple
means of testing whether a destination EID exists in the LISP mapping database system, or your site is registered with
the mapping database system. This command is applicable for both the IPv4 and IPv6 address families and applies to
any LISP device that maintains a map cache (for example, if configured as an ITR or PITR). The following example
output is based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes
and shows the information for the instance ID of 101 and the IPv4 EID prefix of 192.168.2.1.

144
Example:
Router# lig instance-id 101 192.168.2.1
10.0.1.2 00:00:00 up 1/1
Example:
This second example output shows information about the VRF named PURPLE:
Router# lig eid-table vrf PURPLE self
10.0.0.1 00:00:00 up, self 1/1
The ping command is useful for testing basic network connectivity and reachability and/or liveness of a destination EID
or RLOC address. When using ping it is important to be aware that because LISP uses an encapsulation, you should
always specify a source address; never allow the ping application to assign its own default source address. This is because
there are four possible ways to use ping, and without explicitly indicating the source address, the wrong one may be
used by the application leading to erroneous results that complicate operational verification or troubleshooting. The four
possible uses of ping include:
• RLOC-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the “echo-reply ? back
natively. This can be used to test the underlying network connectivity between locators of various devices, such
as xTR to Map-Server or Map-Resolver.
• EID-to-EID—Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back LISP-encaped. This
can be used to test the LISP data plane (encapsulation) between LISP sites.
• EID-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the "echo-reply" back LISP-encaped
through a PITR mechanism. This can be used to test the PITR infrastructure.
• RLOC-to-EID - Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back natively. This can
be used to test PETR capabilities.
The ping command is applicable to the IPv4 and IPv6 address families respectively, and can be used on any LISP device
in some manner. (The ability to do LISP encapsulation, for example, requires the device to be configured as an ITR or
PITR.)
The following example output from the ping command is based on a configuration when a simple LISP site is configured
with virtualized IPv4 and IPv6 EID prefixes. (Note that ping is not a LISP command and does not know about an EID
table or an instance ID. When virtualization is included, output limiters can only be specified by VRF.)
Example:
Router# ping vrf PURPLE 2001:DB8:a:b::1 source 2001:DB8:a:a::1 rep 100

Sending 100, 100-byte ICMP Echos to 2001:DB8:A:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:A::1%PURPLE
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

145
Configuration Examples for LISP Shared Model Virtualization
Example:
Router# ping vrf GOLD
Protocol [ip]: ipv6

Target IPv6 address: 2001:db8:b:b::1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]: y
Source address or interface: 2001:db8:b:a::1
.
.
.
Sending 5, 100-byte ICMP Echos to 2001:DB8:B:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:B:A::1%GOLD
!!!!!

entries stored by the router. This can be useful trying to quickly verify the operational status of the LISP control plane.
This command applies to a LISP device that maintains a map cache (for example, if configured as an ITR or PITR).
Example:
The following example displays IPv4 mapping cache information for instance ID 101, shows the command used to clear
the mapping cache for instance ID 101, and displays the show information after clearing the cache.
Router# show ip lisp map-cache instance-id 101
LISP IPv4 Mapping Cache for EID-table vrf PURPLE (IID 101), 2 entries

10.0.1.2 00:20:13 up 1/1
Router# clear ip lisp map-cache instance-id 101

Configuration Examples for LISP Shared Model Virtualization

Complete configuration examples are available within each task under the “How to Configure LISP Shared
Model Virtualization” section.

146
Related Documents

Enterprise IPv6 Transitions Strategy Using the Cisco LISP Software Image Download Page
Locator/ID Separation Protocol
Cisco IOS LISP0 Virtual Interface, Application Note, Cisco LISP Software Image Download Page
Version 1.0
Cross-Platform Release Notes for Cisco IOS Release http://www.cisco.com/en/US/docs/ios/15_2m_and_t/

15.2M&T release/notes/15_2m_and_t.html
Standards
Standard Title
MIBs
MIB MIBs Link

RFCs
RFC Title


147
Feature Information for LISP Shared Model Virtualization
RFC Title
draft-ietf-lisp-LCAF-06 LISP Canonical Address Format (LCAF) http://

tools.ietf.org/wg/lisp/


draft-ietf-lisp-mib-03 LISP MIB http://tools.ietf.org/wg/lisp/

draft-ietf-lisp-mib/
Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/index.html
provides online resources to download documentation,
software, and tools. Use these resources to install and
configure the software and to troubleshoot and resolve
technical issues with Cisco products and technologies.
Access to most tools on the Cisco Support and
Documentation website requires a Cisco.com user ID
and password.


148
Table 4: Feature Information for LISP Shared Model Virtualization

LISP Shared Model Virtualization 15.2(2)T LISP Shared Model Virtualization
feature uses Endpoint Identifier
15.1(1)SY1
(EID) spaces that are created by
binding VRFs associated with an
EID space to Instance IDs. A
common, “shared” locator space is
used by all virtualized EIDs.

149

150
CHAPTER 6
LISP Parallel Model Virtualization
• Information About LISP Parallel Model Virtualization, page 151
• How to Configure LISP Parallel Model Virtualization, page 156
• Configuration Examples for LISP Parallel Model Virtualization, page 174
• Feature Information for LISP Parallel Model Virtualization, page 176

Information About LISP Parallel Model Virtualization

Deploying physical network infrastructure requires both capital investments for hardware, as well as manpower
investments for installation and operational management support. When distinct user groups within an
organization desire to control their own networks, it rarely makes economic sense for these user groups to
deploy and manage separate physical networks. Physical plants are rarely utilized to their fullest, resulting in
stranded capacity (bandwidth, processor, memory, etc.). In addition, the power, rack space, and cooling needs
to physical plants do not satisfy modern “green” requirements. Network virtualization offers the opportunity
to satisfy organizational needs, while efficiently utilizing physical assets.

151
The purpose of network virtualization, as shown in the figure below, is to create multiple, logically separated
topologies across one common physical infrastructure.
When considering the deployment of a virtualized network environment, take into account both the device
and the path level.
Device Level Virtualization

Virtualization at the device level entails the use of the virtual routing and forwarding (VRF) to create multiple
instances of Layer 3 routing tables, as illustrated in the figure below. VRFs provide segmentation across IP
addresses, allowing for overlapped address space and traffic separation. Separate routing, QoS, security, and
management policies can be applied to each VRF instance. An IGP or EGP routing process is typically enabled
within a VFR, just as it would be in the global (default) routing table. As described in detail below, LISP
binds VRFs to instance IDs for similar purposes.
Figure 33: Device Level Virtualization

152
Path Level Virtualization

VRF table separation is maintained across network paths using any number of traditional mechanisms, as
illustrated in the figure below. Single-hop path segmentation (hop-by-hop) is typically accomplished by
techniques such as 802.1q VLANs, VPI/VCI PW, or EVN. LISP can also be used. Traditional multi-hop
mechanisms include MPLS and GRE tunnels. As described in detail below, LISP binds VRFs to instance IDs
(IIDs), and then these IIDs are included in the LISP header to provide data plane (traffic flow) separation for
single or multihop needs.
Figure 34: Path Level Virtualization
LISP Virtualization at the Device Level

Recalling that LISP implements Locator ID separation and, in so doing, creates two namespaces (EIDs and
RLOCs), it is easy to see that LISP virtualization can consider both EID and RLOC namespaces for
virtualization. That is, either or both can be virtualized.
• EID virtualization—Enabled by binding a LISP instance ID to an EID VRF. Instance IDs are numerical
tags defined in the LISP canonical address format (LCAF) draft, and are used to maintain address space
segmentation in both the control plane and data plane.
• RLOC virtualization—Tying locator addresses and associated mapping services to the specific VRF
within which they are reachable enables RLOC virtualization.
Because LISP considers virtualization of both EID and RLOC namespaces, two models of operation are
defined: shared model and parallel model. For completeness, the discussions below begin first with a review
of the default (non-virtualized) model of LISP, and then cover the details of shared and parallel models.

153
Default (Non-Virtualized) LISP Model

By default, LISP is not virtualized in either EID space or RLOC space. That is, unless otherwise configured,
both EID and RLOC addresses are resolved in the default (global) routing table. This concept is illustrated in
the figure below.
Figure 35: Default (Non-Virtualized) LISP Model (Resolves Both EID and RLOC Addresses in the Default (Global) Routing
Table.
As shown in the figure above, both EID and RLOC addresses are resolved in the default table. The mapping
system must also be reachable via the default table. This default model can be thought of as a single instantiation
of the parallel model of LISP virtualization where EID and RLOC addresses are within the same namespace
such as is the case in this default table.

LISP parallel model virtualization ties virtualized EID space associated with VRFs to RLOCs associated with
the same or different VRFs. This concept is illustrated in the figure below.
Figure 36: LISP parallel model virtualization resolves an EID and associated RLOCs within the same or different VRF. In
this example, both EID and RLOC addresses are resolved in the same VRF, but multiple (parallel) segmentation is configured
on the same device (BLUE and PINK).
As shown in the figure above, EID space is virtualized through its association with VRFs, and these VRFs
are tied to LISP Instance IDs to segment the control plane and data plane in LISP. A common, “shared” locator
space, the default (global) table as shown in the figure above, is used to resolve RLOC addresses for all
virtualized EIDs. The mapping system must also be reachable via the common locator space as well.

154
LISP Parallel Model Virtualization Architecture
The example illustrated in the figure above shows virtualized EID space associated with a VRF (and bound
to an Instance ID) being tied to locator space associated with the same VRF, in this case - Pink/Pink and
Blue/Blue. However, this is not required; the EID VRF does not need to match the RLOC VRF. In any case,
a mapping system must be reachable via the associated locator space. Multiple parallel instantiations can be
defined.
In the most general case, shared model and parallel model may be combined such that multiple EID VRFs
share a common RLOC VRF, and multiple instantiations of this architecture are implemented on the same
platform, as shown in the figure below.
Figure 37: LISP shared and parallel models may be combined for maximum flexibility.
As shown in the figure above, shared and parallel models are combined to associate several EID instances to
one shared RLOC VRF, and then several other EID instances to another shared RLOC VRF.
LISP Parallel Model Virtualization Architecture

Architecturally, LISP parallel model virtualization can be deployed in single or multitenancy configurations.
In the parallel model multitenancy case, a set of xTRs is shared (virtualized) among multiple customers, and
each customer uses their own private (segmented) core infrastructure and mapping system. All sites associated
with the customer use the same instance ID and are part of a VPN using their own EID namespace as shown
in the figure below.
Figure 38: In the LISP parallel model multitenancy case, shared xTRs use virtualized core networks and mapping systems.
LISP instance IDs segment the LISP data plane and control plane.

155
LISP Parallel Model Virtualization Implementation Considerations and Caveats
LISP Parallel Model Virtualization Implementation Considerations and Caveats

When the LISP Parallel Model Virtualization is implemented, several important considerations and caveats
are important. Each router lisp value instantiation is considered by software to be a separate process. Instance
IDs must be unique only within a router lisp instantiation. Review the example below:
xTR-1(config)# vrf definition alpha
xTR-1(config)# vrf definition beta
xTR-1(config-vrf)# vrf definition gamma
xTR-1(config-vrf)# vrf definition delta
xTR-1(config-vrf)# exit
xTR-1(config)# router lisp 1
xTR-1(config-router-lisp)# locator-table vrf alpha
xTR-1(config-router-lisp)# exit
xTR-1(config)# router lisp 2
xTR-1(config-router-lisp)# locator-table vrf gamma
xTR-1(config-router-lisp)# eid-table vrf delta instance-id 101
The vrf beta table is not available for use as an EID table (in use by router lisp 1 EID
instance 101 VRF)
In the above example, four VRFs are created; alpha, beta, gamma, and delta. The router lisp instantiation
router lisp 1 is created and associated with the locator-table VRF named alpha. Next, the EID table VRF
named beta is specified and associated with instance ID 101. Next, a new router lisp instantiation, router lisp
2, is created and associated with the locator-table VRF named gamma. Next, EID table VRF named delta is
specified and also associated with instance ID 101. These two instance IDs are unrelated to each other; one
is relevant only within router lisp 1 and the other is only relevant within router lisp 2.
In the above example, also observe that while under router lisp 2, an attempt is made to configure an EID
table VRF named beta. Note that the router is unable to use this EID table VRF since it (beta) is already
associated with an eid-table command within the router lisp 1 instantiation.
You can re-use an instance ID, and which EID VRF it is decapsulated into depends on the router lisp
instantiation and locator-table VRF that it is associated with. You cannot connect the same EID VRF to more
than one locator-table VRF, however.
How to Configure LISP Parallel Model Virtualization
Configure Simple LISP Parallel Model Virtualization

Perform these tasks to enable and configure LISP ITR/ETR (xTR) functionality and LISP map resolver and
map server for LISP parallel model virtualization.
The configuration implemented in this task and illustrated in the figure below is for two LISP sites that are
connected in parallel mode. Each LISP site uses a single edge router configured as both an ITR and ETR
(xTR), with a single connection to its upstream provider. However, the upstream connection is

156
VLAN-segmented to maintain RLOC space separation within the core. Two VRFs are defined here: BLUE
and GREEN. IPv4 RLOC space is used in each of these parallel networks. Both IPv4 and IPv6 EID address
space is used. The LISP site registers to one map server/map resolver (MS/MR), which is segmented to
maintain the parallel model architecture of the core network.
Figure 39: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
• LISP site:
• Both LISP xTRs have two VRFs: GOLD and PURPLE, with each VRF containing both IPv4 and
IPv6 EID-prefixes, as shown in the figure above. Note the overlapping prefixes, used for illustration
purposes. A LISP instance-id is used to maintain separation between two VRFs. Note that in this
example, the share key is configured “per-VPN. ?
• Each LISP xTR has a single RLOC connection to a parallel IPv4 core network.
and ETR (xTR) functionality when using a LISP map-server and map-resolver for mapping services. The
example configurations at the end of this task show the full configuration for two xTRs (Left-xTR and
Right-xTR).
Before You Begin


157
SUMMARY STEPS
2. router lisp lisp-instantiation-number
3. locator-table vrf rloc-vrf-name
4. eid-table vrfEID-vrf-name instance-id instance-id
6. Repeat Step 4 until all EID-to-RLOC mappings within this eid-table vrf and instance ID for this LISP site
are configured.
7. exit
10. ipv4 itr
11. ipv4 etr
14. ipv6 itr
15. ipv6 etr
16. exit
17. ip route vrf rloc-vrf-name ipv4-prefix next-hop
18. exit
DETAILED STEPS

Example:
Step 2 router lisp lisp-instantiation-number Creates the specified LISP instantiation number and enters LISP
configuration mode ( software only). All subsequent LISP commands apply
Example: to that router LISP instantiation.
Router(config)# router lisp • In this example, the router LISP instantiation 1 is configured.
Step 3 locator-table vrf rloc-vrf-name Configures a router LISP instantiation to use the specified VRF as RLOC
space when encapsulating EIDs and sending control plane packets.
Example: • In this example, the RLOC VRF named BLUE is configured.
locator-table vrf BLUE
Step 4 eid-table vrfEID-vrf-name instance-id Configures an association between a VRF table and a LISP instance ID,
instance-id and enters eid-table configuration submode.

158

• In this example, the VRF table PURPLE and instance-id 101 are
Example: associated together.
vrf PURPLE instance-id 101
• In this example, a single IPv4 EID prefix, 192.168.1.0/24, within
Example: instance ID 1 at this site is associated with the local IPv4 RLOC
Router(config-router-lisp-eid-table)# 10.0.0.2.
Step 6 Repeat Step 4 until all EID-to-RLOC Configures an EID-to-RLOC mapping relationship and its associated traffic
mappings within this eid-table vrf and policy for this LISP site.
instance ID for this LISP site are configured.
• In this example, the IPv6 EID prefix, 2001:db8:a:a::/64, within instance
ID 1 at this site is also associated with the local IPv4 RLOC 10.0.0.2.
Example:
database-mapping 2001:db8:a:a::/64
mode.
Example:
exit
Router(config-router-lisp)# ipv4 itr configuration mode.

for more details.)
Example: • In this example, the map server and authentication key are specified
Router(config-router-lisp)# ipv4 etr within router lisp configuration mode.
map-server 10.0.2.2 key 0 PURPLE-key

159

• The map server must be configured with EID prefixes and instance
IDs matching those configured on this ETR and with an identical
authentication key.
details.)
Example:
Example:
Router(config-router-lisp)# ipv6 itr configuration mode.
connectivity, the map-resolver is reachable using its IPv4 locator
addresses. (See the LISP Command Reference Guide for more details.)

for more details.)
Step 13 ipv6 etr map-server map-server-address Configures a locator address for the LISP map-server and an authentication
key key-type authentication-key key that this router, acting as an IPv6 LISP ETR, will use to register to the
Example: • In this example, the map server and authentication key are specified
Router(config-router-lisp)# ipv6 etr within router lisp configuration mode.
map-server 10.0.2.2 key 0 PURPLE-key
• The map-server must be configured with EID prefixes and instance
IDs matching those configured on this ETR and with an identical
authentication key.
Note The locator address of the map-server may be an IPv4 or IPv6

details.)

160

Example:
Example:
Example:
Step 17 ip route vrf rloc-vrf-name ipv4-prefix Configures a default route to the upstream next hop for all IPv4 destinations.
next-hop
sites are forwarded in one of two ways:
Example:
Router(config)# ip route vrf BLUE
0.0.0.0 0.0.0.0 10.0.0.1 • natively forwarded when traffic is LISP-to-non-LISP

• no route at all
LISP processing.
Example:

161
Example:
and in this task. On the xTRs, the VRFs and EID prefixes are assumed to be attached to VLANs configured
on the devices.
Example configuration for the Left xTR:
hostname Left-xTR
!
!
address-family ipv4
exit
address-family ipv6
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
ip address 10.0.0.2 255.255.255.0
!
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:A:A::1/64
!
vrf forwarding GOLD
ip address 192.168.1.1 255.255.255.0
ipv6 address 2001:DB8:B:A::1/64
!
router lisp
exit
!
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
Example configuration for Right xTR:
hostname Right-xTR
!
!
address-family ipv4
exit
address-family ipv6

162
exit
!
vrf definition GOLD
address-family ipv4
exit
address-family ipv6
exit
!
ip address 10.0.1.2 255.255.255.0
!
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:A:B::1/64
!
vrf forwarding GOLD
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:DB8:B:B::1/64
!
router lisp
database-mapping 2001:DB8:A:B::/64 10.0.1.2 priority 1 weight 1
database-mapping 2001:DB8:B:B::/64 10.0.1.2 priority 1 weight 1
exit
!
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
Configuring a Private LISP Mapping System for LISP Parallel Model Virtualization
Perform this task to configure and enable standalone LISP map server/map resolver functionality for LISP
parallel model virtualization. In this task, a Cisco router is configured as a standalone map resolver/map server
(MR/MS) for a private LISP mapping system. Because the MR/MS is configured as a stand-alone device, it
has no need for LISP alternate logical topology (ALT) connectivity. All relevant LISP sites must be configured
to register with this map server so that this map server has full knowledge of all registered EID prefixes within
the (assumed) private LISP system.

163
• Mapping system:
Figure 40: Simple LISP Site with One IPv4 RLOC and One IPv4 EID
• One map resolver/map server (MS/MR) system is shown in the figure above and assumed available
for the LISP xTR to register to within the proper parallel RLOC space. The MS/MR has an IPv4
RLOC address of 10.0.2.2, within each VLAN/VRF (Green and Blue) providing parallel model
RLOX separation in the IPv4 core.
• The map server site configurations are virtualized using LISP instance IDs to maintain separation
between the two VRFs, PURPLE and GOLD.
Repeat this task for all router lisp instantiations and RLOC VRFs.

164
SUMMARY STEPS
1. enable
3. router lisp lisp-instantiation-number
4. locator-table vrf rloc-vrf-name
5. site site-name
9. exit
11. ipv4 map-server
13. ipv6 map-server
14. exit
15. ip route vrf rloc-vrf-name ipv4-prefix next-hop
16. exit
DETAILED STEPS

Example:
Router> enable
Example:
Step 3 router lisp lisp-instantiation-number Creates the specified LISP instantiation number and enters LISP
configuration mode ( software only). All subsequent LISP commands
Example: apply to that router LISP instantiation.
Router(config)# router lisp • In this example, the router LISP instantiation 1 is configured.
Step 4 locator-table vrf rloc-vrf-name Configures a router lisp instantiation to use the specified VRF as
RLOC space when encapsulating EIDs and sending control plane
Example: packets.
Router(config)# locator-table vrf BLUE • In this example, the RLOC VRF BLUE is configured.

165

Step 5 site site-name Specifies a LISP site named Purple and enters LISP site configuration
mode.
Example: • In this example, the LISP site named Purple is configured.
Router(config-router-lisp)# site Purple
authentication-key authenticating the map register messages sent by an ETR when
registering to the map server.
Example: Note The ETR must be configured with EID prefixes and instance
Router(config-router-lisp-site)# IDs matching the one(s) configured on this map server, as
authentication-key 0 Purple-key well as an identical authentication key.
Example: Repeat this step as necessary to configure additional IPv4 EID prefixes
eid-prefix instance-id 101 • In this example, the IPv4 EID prefix 192.168.1.0/24 and instance
192.168.1.0/24
ID 101 are associated together.
Example: Repeat this step as necessary to configure additional IPv6 EID prefixes
eid-prefix instance-id 101 • In this example, the IPv6 EID prefix 2001:db8:a:a::/64 and
2001:db8:a:a::/64
instance ID 101 are associated together.
mode.
Example:
family within this router lisp instantiation.
Example:
map-resolver
Example:
map-server

166

Example:
map-resolver
Example:
map-server
mode.
Example:
Step 15 ip route vrf rloc-vrf-name ipv4-prefix next-hop Configures a default route to the upstream next hop for all IPv4
destinations, reachable within the specified RLOC VRF.
Example:
Router(config)# ip route vrf BLUE
0.0.0.0 0.0.0.0 10.0.2.1
mode.
Example:
Example:
Example configuration for the map server/map resolver.
hostname MSMR
!
vrf definition BLUE
address-family ipv4
exit
!
vrf definition GREEN
address-family ipv4
exit
!
!
encapsulation dot1Q 101
vrf forwarding BLUE
ip address 10.0.0.2 255.255.255.0
!

167

vrf forwarding GREEN
ip address 10.0.0.2 255.255.255.0
!
router lisp 1
locator-table vrf BLUE
site Purple
authentication-key PURPLE-key
eid-prefix instance-id 101 2001:DB8:A:A::/64
eid-prefix instance-id 101 2001:DB8:A:B::/64
!
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
!
router lisp 2
locator-table vrf GREEN
site Gold
authentication-key GOLD-key
eid-prefix instance-id 102 2001:DB8:B:A::/64
eid-prefix instance-id 102 2001:DB8:B:B::/64
!
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
!
ip route vrf GREEN 0.0.0.0 0.0.0.0 10.0.2.1
ip route vrf BLUE 0.0.0.0 0.0.0.0 10.0.2.1

After configuring LISP, verifying and troubleshooting LISP configuration and operations may be performed
by following the optional steps described below. Note that certain verification and troubleshooting steps may
only apply to certain types of LISP devices.

168
In this task, the topology is shown in the figure below and the configuration is from the “Configure Simple
LISP Shared Model Virtualization” task, but the commands are applicable to both LISP shared and parallel
model virtualization.
Figure 41: Simple LISP Site with Virtualized IPv4 and IPv6 EIDs and a Shared IPv4 Core
Note The following examples do not show every available command and every available output display. Refer
to the Cisco IOS LISP Command Reference for detailed explanations of each command.
SUMMARY STEPS
1. enable
5. show [ip | ipv6] lisp database [eid-table vrf vrf-name]
7. lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
DETAILED STEPS
Step 1 enable

169
Example:
Router> enable

device. This command applies to any LISP device. The following is sample output from the show running-config |
section router lisp command when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and a
shared IPv4 core:
Example:
router lisp
exit
!
ipv4 itr
ipv4 etr
ipv6 itr
ipv6 etr
exit

configured on the device, as applicable to the IPv4 and IPv6 address families respectively. This command applies to any
LISP device.
Example:
The first example shows a summary of LISP operational status and IPv6 address family information by EID table:
Router# show ipv6 lisp eid-table summary
Instance count: 2
Key: DB - Local EID Database entry count (@ - RLOC check pending
* - RLOC consistency problem),
DB no route - Local EID DB entries with no matching RIB route,
Cache - Remote EID mapping cache size, IID - Instance ID,
Role - Configured Role
Interface DB DB no Cache Incom Cache

EID VRF name (.IID) size route size plete Idle Role
PURPLE LISP0.101 1 0 1 0.0% 0.0% ITR-ETR
GOLD LISP0.102 1 0 1 0.0% 0.0% ITR-ETR
Example:
The second example shows LISP operational status and IPv6 address family information for the VRF named PURPLE:
Router# show ipv6 lisp eid-table vrf PURPLE

170
Instance ID: 101

Router-lisp ID: 0
Locator table: default
EID table: PURPLE
ETR Map-Server(s): 10.0.2.2 (00:00:24)
ITR use proxy ETR RLOC(s): none
Example:
The third example shows LISP operational status and IPv6 address family information for the instance ID of 101:
Router# show ipv6 lisp instance-id 101
Instance ID: 101

ETR Map-Server(s): 10.0.2.2 (00:00:11)
ITR Solicit Map Request (SMR): accept and process
Max SMRs per map-cache entry: 8 more specifics
Multiple SMR suppression time: 60 secs

status of the map cache on a device configured as an ITR or PITR, as applicable to the IPv4 and IPv6 address families
respectively.
Example:
The following example shows IPv6 mapping cache information based on a configuration when a simple LISP site is
configured with virtualized IPv4 and IPv6 EID prefixes and a shared IPv4 core. This example output assumes that a
map-cache entry has been received for another site with the IPv6 EID prefix 2001:db8:b:b::/64.
Router# show ip lisp map-cache eid-table vrf GOLD
LISP IPv6 Mapping Cache for EID-table vrf GOLD (IID 102), 2 entries

2001:DB8:B:B::/64, uptime: 00:00:10, expires: 23:59:42, via map-reply, complete
10.0.1.2 00:00:10 up 1/1
Step 5 show [ip | ipv6] lisp database [eid-table vrf vrf-name]
The show ip lisp database and show ipv6 lisp database commands are useful for quickly verifying the operational
status of the database mapping on a device configured as an ETR, as applicable to the IPv4 and IPv6 address families
respectively.

171
Example:
The following example shows IPv6 mapping database information for the VRF named GOLD.
Router# show ipv6 lisp database eid-table vrf GOLD
LISP ETR IPv6 Mapping Database for EID-table vrf GOLD (IID 102), LSBs: 0x1, 1 entries
EID-prefix: 2001:DB8:B:A::/64
10.0.0.2, priority: 1, weight: 1, state: site-self, reachable
server. This command only applies to a device configured as a map server. The following example output is based on a
configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes and shows the information
for the instance ID of 101.
Example:
Router# show lisp site instance-id 101

Left 00:00:36 yes 10.0.0.2 101 192.168.1.0/24
00:00:43 yes 10.0.0.2 101 2001:DB8:A:A::/64
Right 00:00:31 yes 10.0.1.2 101 192.168.2.0/24
00:00:02 yes 10.0.1.2 101 2001:DB8:A:B::/64
Example:
This second example shows LISP site information for the IPv6 EID prefix of 2001:db8:a:a:/64 and instance ID of 101.
Router# show lisp site 2001:db8:a:a:/64 instance-id 101
Site name: Left

Requested EID-prefix:
EID-prefix: 2001:DB8:A:A::/64 instance-id 101
ETR 10.0.0.2, last registered 00:00:22, no proxy-reply, no map-notify
TTL 1d00h
10.0.0.2 yes up 1/1
Step 7 lig {[self {ipv4 | ipv6}] | {hostname | destination-EID}
query for the indicated destination hostname or EID, or the routers local EID-prefix. This command provides a simple
means of testing whether a destination EID exists in the LISP mapping database system, or your site is registered with
the mapping database system. This command is applicable for both the IPv4 and IPv6 address families and applies to
any LISP device that maintains a map cache (for example, if configured as an ITR or PITR). The following example
output is based on a configuration when a simple LISP site is configured with virtualized IPv4 and IPv6 EID prefixes
and shows the information for the instance ID of 101 and the IPv4 EID prefix of 192.168.2.1.

172
Example:
Router# lig instance-id 101 192.168.2.1
10.0.1.2 00:00:00 up 1/1
Example:
This second example output shows information about the VRF named PURPLE:
Router# lig eid-table vrf PURPLE self
10.0.0.1 00:00:00 up, self 1/1
The ping command is useful for testing basic network connectivity and reachability and/or liveness of a destination EID
or RLOC address. When using ping it is important to be aware that because LISP uses an encapsulation, you should
always specify a source address; never allow the ping application to assign its own default source address. This is because
there are four possible ways to use ping, and without explicitly indicating the source address, the wrong one may be
used by the application leading to erroneous results that complicate operational verification or troubleshooting. The four
possible uses of ping include:
• RLOC-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the “echo-reply ? back
natively. This can be used to test the underlying network connectivity between locators of various devices, such
as xTR to Map-Server or Map-Resolver.
• EID-to-EID—Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back LISP-encaped. This
can be used to test the LISP data plane (encapsulation) between LISP sites.
• EID-to-RLOC—Sends “echo ? packets out natively (no LISP encap) and receive the "echo-reply" back LISP-encaped
through a PITR mechanism. This can be used to test the PITR infrastructure.
• RLOC-to-EID - Sends “echo ? packets out LISP-encaped and receive the “echo-reply ? back natively. This can
be used to test PETR capabilities.
The ping command is applicable to the IPv4 and IPv6 address families respectively, and can be used on any LISP device
in some manner. (The ability to do LISP encapsulation, for example, requires the device to be configured as an ITR or
PITR.)
The following example output from the ping command is based on a configuration when a simple LISP site is configured
with virtualized IPv4 and IPv6 EID prefixes. (Note that ping is not a LISP command and does not know about an EID
table or an instance ID. When virtualization is included, output limiters can only be specified by VRF.)
Example:
Router# ping vrf PURPLE 2001:DB8:a:b::1 source 2001:DB8:a:a::1 rep 100

Sending 100, 100-byte ICMP Echos to 2001:DB8:A:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:A:A::1%PURPLE
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

173
Configuration Examples for LISP Parallel Model Virtualization
Example:
Router# ping vrf GOLD
Protocol [ip]: ipv6

Target IPv6 address: 2001:db8:b:b::1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands? [no]: y
Source address or interface: 2001:db8:b:a::1
.
.
.
Sending 5, 100-byte ICMP Echos to 2001:DB8:B:B::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:B:A::1%GOLD
!!!!!

entries stored by the router. This can be useful trying to quickly verify the operational status of the LISP control plane.
This command applies to a LISP device that maintains a map cache (for example, if configured as an ITR or PITR).
Example:
The following example displays IPv4 mapping cache information for instance ID 101, shows the command used to clear
the mapping cache for instance ID 101, and displays the show information after clearing the cache.
LISP IPv4 Mapping Cache for EID-table vrf PURPLE (IID 101), 2 entries

10.0.1.2 00:20:13 up 1/1
Router# clear ip lisp map-cache instance-id 101

Configuration Examples for LISP Parallel Model Virtualization

Complete configuration examples are available within each task under the “How to Configure LISP Parallel
Model Virtualization” section.

174
Related Documents

Enterprise IPv6 Transitions Strategy Using the Cisco LISP Software Image Download Page
Locator/ID Separation Protocol
Cisco IOS LISP0 Virtual Interface, Application Note, Cisco LISP Software Image Download Page
Version 1.0
Cross-Platform Release Notes for Cisco IOS Release http://www.cisco.com/en/US/docs/ios/15_2m_and_t/

15.2M&T release/notes/15_2m_and_t.html
Standards
Standard Title
MIBs
MIB MIBs Link

RFCs
RFC Title


175
Feature Information for LISP Parallel Model Virtualization
RFC Title
draft-ietf-lisp-LCAF-06 LISP Canonical Address Format (LCAF) http://

tools.ietf.org/wg/lisp/


draft-ietf-lisp-mib-03 LISP MIB http://tools.ietf.org/wg/lisp/

draft-ietf-lisp-mib/
Description Link
and password.


176
Table 5: Feature Information for LISP Parallel Model Virtualization

LISP Parallel Model Virtualization 15.2(3)T LISP Parallel Model Virtualization
ties virtualized EID space
associated with VRFs to RLOCs
associated with the same or
different VRFs.

177

178
CHAPTER 7
LISP Host Mobility Across Subnet
• Information About LISP Host Mobility Across Subnet, page 179

Information About LISP Host Mobility Across Subnet
Overview of LISP Host Mobility Across Subnet

You can use LISP Host Mobility Across Subnet commands to deploy extended subnets and across subnets.
A detailed configuration guide and examples are under development and will appear here soon. Meanwhile,
please refer to the LISP Command Reference.

179
LISP Host Mobility Across Subnet
Overview of LISP Host Mobility Across Subnet

180
CHAPTER 8
LISP Delegate Database Tree (DDT)
• Information About Delegate Database Tree (DDT), page 181

Information About Delegate Database Tree (DDT)
Overview of LISP Delegate Database Tree (DDT)

You can use LISP Delegate Database Tree (DDT) commands to deploy a distributed LISP Mapping System.
A detailed configuration guide and examples are under development and will appear here soon. Meanwhile,
please refer to the LISP Command Reference.

181
LISP Delegate Database Tree (DDT)
Overview of LISP Delegate Database Tree (DDT)

182
CHAPTER 9
LISP ESM Multihop Mobility
The LISP ESM Multihop Mobility feature separates the Locator/ID Separation Protocol (LISP) dynamic
host detection function from the LISP encapsulation/decapsulation function within a LISP topology.

• Restrictions for LISP ESM Multihop Mobility, page 183
• Information About LISP ESM Multihop Mobility, page 184
• How to Configure LISP ESM Multihop Mobility, page 186
• Configuration Examples for LISP ESM Multihop Mobility, page 197
• Additional References for LISP ESM Multihop Mobility, page 199
• Feature Information for LISP ESM Multihop Mobility, page 199

Restrictions for LISP ESM Multihop Mobility

• Supports Locator/ID Separation Protocol (LISP) multihop mobility only in Extended Subnet Mode
(ESM) with Overlay Transport Virtualization (OTV).
• Requires OTV First Hop Redundancy Protocol (FHRP) isolation to avoid hair-pinning of traffic across
the OTV Data Center Interconnect (DCI) framework.
• Does not support Network Address Translated (NAT’d) endpoint identifiers (EIDs).

183
Information About LISP ESM Multihop Mobility
Information About LISP ESM Multihop Mobility
LISP ESM Multihop Mobility Overview

A first-hop router (FHR) detects the presence of a dynamic host endpoint identifier (EID) and notifies the site
gateway xTR. A device configured as both an ingress tunnel router (ITR) and an egress tunnel router (ETR)
is known as an xTR. The site gateway xTR registers the dynamic EID with a map server. The Site Gateway
xTR performs Locator/ID Separation Protocol (LISP) encapsulation/decapsulation of the traffic from or to
the dynamic EID to or from remote sites.
Figure 42: LISP ESM Multihop Mobility Sample Topology
Multiple Layer 3 hops can exist between the FHR and the site gateway xTR when deploying the LISP ESM
Multihop Mobility feature. You can insert non-LISP devices like firewalls and load-balancers into the data
center.
Note LISP supports silent host moves from the 15.4(1)T release.

184
LISP ESM Multihop Mobility Overview
Note LISP supports redistributing host routes for servers discovered by LISP into Interior Gateway Protocol
(IGP) via Open Shortest Path First (OSPF) protocol/ Intermediate System-to-Intermediate System (IS-IS)
protocol/ Routing Information Protocol (RIP)/ Border Gateway Protocol (BGP).
Perform the tasks shown below to configure LISP ESM multihop mobility on a Locator ID/Separation Protocol
(LISP) site with three IPv4 routing locators (RLOCs). In these tasks, a LISP site uses a single edge router
configured as both an ITR and an ETR (known as an xTR) with two connections to the upstream provider.
Both the RLOCs and the endpoint identifier (EID) prefix are IPv4. The LISP site registers to a map resolver
map server (MRMS) device in the network core. The topology used in this LISP configuration is shown in
the figure below.
Figure 43: Topology for LISP ESM Multihop Mobility
The components illustrated in the topology shown in the above figure are described below:
LISP Site
• The customer premises equipment (CPE) functions as a LISP ITR and ETR (xTR).
• The LISP xTR is authoritative for the IPv4 EID prefix of 10.1.0.0/16.
• The LISP xTR has two RLOC connections to the core. The RLOC connection to xTR-1 is 172.18.3.3;
the RLOC connection to xTR-2 is 172.19.4.4.

185
How to Configure LISP ESM Multihop Mobility
Mapping System
• An MRMS system is assumed to be available for the LISP xTRs to configure. The MRMS has IPv4
RLOCs 10.1.1.0 and 10.1.1.9.
• Mapping services are assumed to be provided as part of this LISP solution via a private mapping system
or as a public LISP mapping system.
How to Configure LISP ESM Multihop Mobility
Configuring First-Hop Router

SUMMARY STEPS
1. enable
3. router lisp
4. locator-set locator-set-name
5. ipv4-address priority priority-locator weight locator-weight
6. Repeat Step 5 to configure another locator entry.
7. exit
8. eid-table default instance-id id
9. dynamic-eid dynamic-eid-name
10. database-mapping dynamic-eid-prefix/prefix-length locator-set name
11. eid-notify ipv4-address key password
12. map-notify-group ipv4-group-address
13. exit
14. exit
15. exit
17. lisp mobility dynamic-eid-name
18. lisp extended-subnet-mode
20. standby group-number ip virtual-ip-address
21. end

186
DETAILED STEPS

Example:
Device> enable
Example:
Step 3 router lisp Enters LISP configuration mode.
Example:
Device(config)# router lisp
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set
configuration mode.
Example:
Device(config-router-lisp)# locator-set WestDC
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is
locator-weight the set of addresses that the first-hop router (FHR) uses
while communicating with the gateway xTR. You can
Example: configure each locator address by creating a locator entry
Device(config-router-lisp-locator-set)# 172.16.1.2 with an assigned priority and weight.
Step 6 Repeat Step 5 to configure another locator entry. —
Step 7 exit Exits LISP locator-set configuration mode and returns to

LISP configuration mode.
Example:
Device(config-router-lisp-locator-set)# exit
Step 8 eid-table default instance-id id Configures an association between the default virtual
routing and forwarding (VRF) table and a LISP instance
Example: ID, and enters EID table configuration mode.
Device(config-router-lisp)# eid-table default
instance-id 0
Step 9 dynamic-eid dynamic-eid-name Specifies a LISP virtual machine (VM)-mobility (dynamic

EID roaming) policy and enters dynamic EID
Example: configuration mode.
Device(config-router-lisp-eid-table)# dynamic-eid
VMs
Step 10 database-mapping dynamic-eid-prefix/prefix-length Configures an IPv4 mapping relationship and an associated

locator-set name traffic policy for the LISP VM-mobility (dynamic EID)
policy.
Example:
Device(config-router-lisp-eid-table-dynamic-eid)#
database-mapping 10.1.1.0/24 locator-set WestDC

187

Note You can enter the limit dynamic value keyword
to limit the number of discoverable dynamic
EIDs. However, if you have enabled debug mode
(using the service internal command), then the
number of discoverable dynamic EIDs will be
increased to a fixed value of 65535.
Step 11 eid-notify ipv4-address key password Enables sending of dynamic endpoint identifier (EID)
presence notifications to a gateway xTR with the specified
Example: IPv4 address along with the authentication key used with
Device(config-router-lisp-eid-table-dynamic-eid)# the gateway xTR.
eid-notify 192.0.2.21 key k
Step 12 map-notify-group ipv4-group-address Specifies the IPv4 multicast group address used for
sending and receiving site-based map-notify multicast
Example: messages.
map-notify-group 224.0.0.0
Step 13 exit Exits dynamic EID configuration mode and returns to EID
table configuration mode.
Example:
exit
Step 14 exit Exits EID table configuration mode and returns to LISP
configuration mode.
Example:
Step 15 exit Exits LISP configuration mode and returns to global

configuration mode.
Example:
Step 16 interface type number Specifies the interface type and number and enters
Example:
Device(config)# interface Vlan 11
Step 17 lisp mobility dynamic-eid-name Allows EID mobility on the interface and specifies the
name of the dynamic EID.
Example:
Device(config-if)# lisp mobility VMs
Step 18 lisp extended-subnet-mode Enables extended subnet mode on the interface.
Example:
Device(config-if)# lisp extended-subnet-mode
Step 19 ip address ip-address mask Configures an IPv4 address for a specific interface.
Example:
Device(config-if)# ip address 10.1.1.2
255.255.255.0

188
Configuring Site Gateway xTR

Step 20 standby group-number ip virtual-ip-address Enables IPv4 Hot Standby Router Protocol (HSRP) and
sets the virtual IP address.
Example:
Device(config-if)# standby 1 ip 10.1.1.1
Step 21 end Returns to privileged EXEC mode.
Example:

SUMMARY STEPS
1. enable
3. router lisp
6. exit
9. dynamic-eid dynamic-eid-name
11. eid-notify authentication-key password
12. exit
13. exit
15. ipv4 itr
16. ipv4 etr map-server map-server-address key authentication-key
17. ipv4 etr
18. exit
21. lisp mobility dynamic-eid-name
22. lisp extended-subnet-mode
23. end

189
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set
configuration mode.
Example:
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is
locator-weight the set of addresses used by the gateway xTR while
encapsulating/decapsulating LISP traffic from and to the
Example: endpoint identifier (EID).
Device(config-router-lisp-locator-set)# 172.18.3.3
Step 6 exit Exits LISP locator-set configuration mode and returns to

Example:
Step 7 eid-table default instance-id id Configures an association between the default virtual
routing and forwarding (VRF) table and a LISP instance
Example: ID, and enters EID table configuration mode.
instance-id 0

locator-set name traffic policy for LISP virtual machine (VM)-mobility
(dynamic EID) policy.
Example: Note You can enter the limit dynamic value keyword
Device(config-router-lisp-eid-table)#
database-mapping 10.1.0.0/16 locator-set WestDC to limit the number of discoverable dynamic
EIDs. However, if you have enabled debug mode
(using the service internal command), then the
number of discoverable dynamic EIDs will be
increased to a fixed value of 65535.

190

Step 9 dynamic-eid dynamic-eid-name Specifies a LISP VM-mobility (dynamic EID roaming)
policy and enters dynamic EID configuration mode.
Example:
Device(config-router-lisp-eid-table)# dynamic-eid
VMs

locator-set name traffic policy for LISP VM-mobility (dynamic EID) policy.
Example:
database-mapping 10.1.1.0/24 locator-set WestDC
Step 11 eid-notify authentication-key password Specifies the authentication key to validate the EID-notify
sent from a first-hop router (FHR).
Example:
eid-notify authentication-key k
Step 12 exit Exits dynamic EID configuration mode and returns to EID
table configuration mode.
Example:
exit
configuration mode.
Example:
Step 14 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to
which this device will send map request messages for IPv4
Example: EID-to-RLOC mapping resolutions.
Device(config-router-lisp)# ipv4 itr map-resolver
172.20.5.5 • The locator address of the map resolver may be an
IPv4 or IPv6 address.
Note You can configure up to 8 map resolvers if

multiple map resolvers are available.
Step 15 ipv4 itr Enables LISP ingress tunnel router (ITR) functionality for
the IPv4 address family.
Example:
Step 16 ipv4 etr map-server map-server-address key Configures the IPv4 or IPv6 locator address of the LISP
authentication-key map server to be used by the egress tunnel router (ETR)
when registering IPv4 endpoint identifiers (EIDs).
Example:
Device(config-router-lisp)# ipv4 etr map-server
172.20.5.5 key mskey

191

Step 17 ipv4 etr Enables LISP ETR functionality for the IPv4 address
family.
Example:

configuration mode.
Example:
Example:
Device(config)# interface FastEthernet 1/4
Step 20 ip address ip-address mask Configures an IPv4 address for the interface.
Example:
255.255.255.0
Step 21 lisp mobility dynamic-eid-name Allows EID mobility on the interface and specifies the
name of the dynamic EID.
Example:
Step 22 lisp extended-subnet-mode Enables extended subnet mode on the interface.
Example:
Example:

192
Configuring xTR
Configuring xTR
SUMMARY STEPS
1. enable
3. router lisp
6. Repeat Step 5 to configure another locator entry.
7. exit
10. exit
12. ipv4 itr
14. ipv4 etr
15. end
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Step 4 locator-set locator-set-name Specifies a locator set and enters LISP locator-set configuration
mode.
Example:
Device(config-router-lisp)# locator-set
Site3RLOCS
Step 5 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the set
locator-weight of addresses used by the gateway xTR while

193
Configuring xTR

encapsulating/decapsulating LISP traffic from and to the endpoint
Example: identifier (EID).
Device(config-router-lisp-locator-set)#
Step 6 Repeat Step 5 to configure another locator entry. —
Step 7 exit Exits LISP locator set configuration mode and returns to LISP
configuration mode.
Example:
exit
Step 8 eid-table default instance-id id Configures an association between the default VRF table and a
LISP instance ID, and enters EID table configuration mode.
Example:
Device(config-router-lisp)# eid-table
default instance-id 0
Step 9 database-mapping Configures an IPv4 mapping relationship and an associated traffic

dynamic-eid-prefix/prefix-length locator-set name policy for the LISP Virtual Machine (VM)-mobility (dynamic
EID) policy.
Example: Note You can enter the limit dynamic value keyword to limit
database-mapping 198.51.100.0/24 locator-set the number of discoverable dynamic EIDs. However,
Site3RLOCS if you have enabled debug mode (using the service
internal command), then the number of discoverable
dynamic EIDs will be increased to a fixed value of
65535.
configuration mode.
Example:
Step 11 ipv4 itr map-resolver map-resolver-address Configures a locator address for the LISP map resolver to which
this router will send map request messages for IPv4
map-resolver 172.20.5.5 • The locator address of the map resolver may be an IPv4 or
IPv6 address.
Note You can configure up to 8 map resolvers if multiple

map resolvers are available.
Step 12 ipv4 itr Enables LISP ITR functionality for an IPv4 address family.
Example:

194
Configuring Map Server Map Resolver

Step 13 ipv4 etr map-server map-server-address key Configures IPv4 locator address of the LISP map server to be
authentication-key used by the egress tunnel router (ETR) when registering for IPv4
endpoint identifiers (EIDs).
Example:
map-server 172.20.5.5 key k3
Step 14 ipv4 etr Enables LISP ETR functionality for an IPv4 address family.
Example:
Example:

SUMMARY STEPS
1. enable
3. router lisp
4. site site-name
5. authentication-key password
6. eid-prefix eid-prefix accept-more-specifics
7. exit
8. Repeat Step 4 to Step 7 to configure another LISP site.
9. ipv4 map-server
11. end
DETAILED STEPS

Example:
Device> enable

195

Example:
Step 3 router lisp Enters Locator ID/Separation Protocol (LISP) configuration

mode.
Example:
Step 4 site site-name Configures a LISP site and enters LISP site configuration mode
on a LISP map server.
Example:
Device(config-router-lisp)# site EastWestDC
Step 5 authentication-key password Configures the password used to create the Hash-based Message
Authentication Code (HMAC) Secure Hash Algorithm (SHA-1)
Example: hash for authenticating the map-register message sent by an
Device(config-router-lisp-site)# egress tunnel router (ETR) when registering with the map server.
authentication-key k
Step 6 eid-prefix eid-prefix accept-more-specifics Configures a list of endpoint identifier (EID) prefixes that are
allowed in a map-register message sent by an ETR when
Example: registering with the map server. Specifies that any EID prefix
Device(config-router-lisp-site)# eid-prefix that is more specific than the EID prefix configured is accepted
10.1.0.0/16 accept-more-specifics and tracked.
configuration mode.
Example:
Device(config-router-lisp-site)# exit
Step 8 Repeat Step 4 to Step 7 to configure another LISP —

site.
Step 9 ipv4 map-server Configures a device to act as an IPv4 LISP map server.
Example:
Device(config-router-lisp)# ipv4 map-server
Step 10 ipv4 map-resolver Configures a device to act as an IPv4 LISP map resolver.
Example:
Device(config-router-lisp)# ipv4
map-resolver
Step 11 end Exits LISP configuration mode and returns to privileged EXEC
mode.
Example:
Device(config-router-lisp)# end

196
Configuration Examples for LISP ESM Multihop Mobility
Configuration Examples for LISP ESM Multihop Mobility

Figure 44: LISP ESM Multihop Topology
The examples below show the complete configuration for the LISP topology illustrated in the figure above.
Example: First-Hop Router Configuration

Device(config-router-lisp-locator-set)# 172.16.1.2 priority 10 weight 50
Device(config-router-lisp)# eid-table default instance-id 0
Device(config-router-lisp-eid-table)# dynamic-eid VMs
Device(config-router-lisp-eid-table-dynamic-eid)# database-mapping 10.1.1.0/24 locator-set
WestDC
Device(config-router-lisp-eid-table-dynamic-eid)# eid-notify 192.0.2.21 key k
Device(config-router-lisp-eid-table-dynamic-eid)# map-notify-group 224.0.0.0
Device(config-router-lisp-eid-table-dynamic-eid)# exit
Device(config)# interface Vlan11

197
Example: Site Gateway xTR Configuration

Device(config-if)# ip address 10.1.1.2 255.255.255.0
Device(config-if)# standby 1 ip 10.1.1.1
Example: Site Gateway xTR Configuration

Device> enable
Device (config)# router lisp
Device(config-router-lisp-locator-set) # 172.18.3.3 priority 10 weight 50
Device(config-router-lisp-eid-table)# database-mapping 10.1.0.0/16 locator-set WestDC
Device(config-router-lisp-eid-table)# dynamic-eid VMs
Device(config-router-lisp-eid-table-dynamic-eid)# database-mapping 10.1.1.0/24 locator-set
WestDC
Device(config-router-lisp-eid-table-dynamic-eid)# eid-notify authentication-key k
Device(config-router-lisp-eid-table-dynamic-eid)# exit
Device(config-router-lisp)# ipv4 etr map-server 172.20.5.5 key k
Device(config)# interface FastEthernet1/4
Example: xTR Configuration

Device> enable
Device(config-router-lisp)# locator-set Site3RLOCS
Device(config-router-lisp-eid-table)# database-mapping 198.51.100.0/24 locator-set Site3RLOCS
Device(config-router-lisp)# ipv4 etr map-server 172.20.5.5 key k3
Example: Map Server Map Resolver Configuration

Device> enable
Device(config-router-lisp)# site EastWestDC
Device(config-router-lisp-site)# authentication-key k
Device(config-router-lisp-site)# eid-prefix 10.1.0.0/16 accept-more-specifics
Device(config-router-lisp)# ipv4 map-resolver

198
Additional References for LISP ESM Multihop Mobility
Additional References for LISP ESM Multihop Mobility

Related Documents
Related Topic Document Title

Cisco IOS commands Cisco IOS Master Command List,
All Releases
Locator/ID Separation Protocol (LISP) commands Cisco IOS IP Routing: LISP

Command Reference
Description Link
and password.
Feature Information for LISP ESM Multihop Mobility

Feature Name Release Feature Information
LISP ESM Multihop Mobility Cisco IOS XE Release 3.11S The LISP ESM Multihop Mobility
feature separates the Locator/ID
Separation Protocol (LISP)
dynamic host detection function
from the LISP
encapsulation/decapsulation
function within a LISP topology.

199
Feature Information for LISP ESM Multihop Mobility

200
CHAPTER 10
LISP Support for Disjoint RLOC Domains
The Locator/ID Separation Protocol (LISP) implements a “level of indirection” that enables a new IP routing
architecture. LISP separates IP addresses into two namespaces: Endpoint Identifiers (EIDs), which are
assigned to end-hosts, and Routing Locators (RLOCs), which are assigned to devices that make up the global
routing system.
The LISP Support for Disjoint RLOC Domains feature enables LISP-to-LISP communication between LISP
sites that are connected to different RLOC spaces but have no connectivity to each other. One example of
disjointed RLOC space is that of between the IPv4 Internet and IPv6 Internet. When one LISP site has
IPv4-only RLOC connectivity and the second site has IPv6-only RLOC connectivity, these sites can still
communicate via LISP using the LISP Support for Disjoint RLOC Domains feature.

• Prerequisites for LISP Support for Disjoint RLOC Domains, page 202
• Restrictions for LISP Support for Disjoint RLOC Domains, page 202
• Information About LISP Support for Disjoint RLOC Domains, page 202
• How to configure LISP Support for Disjoint RLOC Domains, page 205
• Verifying LISP Support for Disjoint RLOC Domains, page 218
• Configuration Examples for LISP Support for Disjoint RLOC Domains, page 219
• Additional References for LISP Support for Disjoint RLOC Domains, page 223
• Feature Information for LISP Support for Disjoint RLOC Domains, page 224


201
Prerequisites for LISP Support for Disjoint RLOC Domains
Prerequisites for LISP Support for Disjoint RLOC Domains

Map servers and re-encapsulating tunnel routers (RTRs) must have connectivity to all locator spaces that are
being joined.
Restrictions for LISP Support for Disjoint RLOC Domains

Map servers and re-encapsulating tunnel routers (RTRs) cannot join more than eight locator scopes.
Information About LISP Support for Disjoint RLOC Domains
LISP Support for Disjoint RLOC Domains Overview

The fundamental principal of any network is that routing and reachability must exist between all devices that
make up the total network system. There are many network systems, public and private, for which internetwork
connectivity is not directly available. A few examples include:
• IPv4 Internet and IPv6 Internet.
• An IPv4 Multiprotocol Label Switching (MPLS) VPN from service provider A and an IPv4 MPLS VPN
from service provider B.
• An IPv4 MPLS VPN from service provider A and IPv4 Internet.
When some sites within a network connect to one routing domain and other sites connect to another routing
domain, a gateway function must be provided to facilitate connectivity between these disjointed routing
domains. In traditional routing architectures, providing connectivity between disjointed routing domains can
be quite complex.
The inherent property of Locator/ID Separation Protocol (LISP), which separates IP addresses into two
namespaces, endpoint identifiers (EIDs) and routing locators (RLOCs), also gives it the ability to connect
disjointed RLOC domains. The LISP Support for Disjoint RLOC Domains feature provides simplified
configuration mechanisms that enable this capability. The key components are new control plane configuration
options on the LISP map server, and a functionality called re-encapsulating tunnel router (RTR), which
provides data plane connectivity between disjointed locator spaces.
LISP Map Server

The key concept in the LISP Support for Disjoint RLOC Domains feature is the recognition that the LISP
Mapping System has full knowledge of all LISP sites. When a LISP site registers with a map server, the
registration message not only provides information about the EID space that the site is authoritative for, but
it also provides information about its own RLOCs.
The LISP Support for Disjoint RLOC Domains feature provides new configuration options to define within
the map server the routing locator scopes that LISP sites can connect to. Once defined, the map server
automatically determines whether individual sites have common or disjoint locator connectivity between
themselves. The map server then uses this knowledge when handling Map-Request messages to determine
how to inform LISP sites to communicate with each other. Map-Request messages contain both source and

202
destination EID information. When a map server receives a Map-Request message, it compares the RLOCs
associated with the source EID and destination EID contained with the Map-Request message against the
configured locator scopes.
• If the ingress tunnel router (ITR) (source EID) and egress tunnel router (ETR) (destination EID) share
at least one RLOC in a common locator scope, the map server forwards the Map-Request message to
the ETR as normal. In this case, the ETR is capable of generating a Map-Reply message that is sent back
to the ITR since it has reachability across (at least one) common locator space.
• If the ITR (source EID) and ETR (destination EID) do not share at least one RLOC in a common locator
scope, the map server sends a proxy Map-Reply message to the ITR that includes a list of RTRs that are
capable of connecting the disjointed locator space between the ITR and ETR.
• If the RLOCs associated with the ITR (source EID) and ETR (destination EID) do not match any
configured locator scopes, the map server forwards the Map-Request message to the ETR as normal. In
this case, the RLOCs are assumed to be reachable via routing, even though they are not defined in any
locator scope configuration.
LISP data plane packets flow directly between sites when the sites share locator space. An RTR is used to
connect LISP data plane packets when locator spaces between the sites are disjointed.
LISP RTR
A re-encapsulating tunnel router (RTR) provides data plane communications support for LISP-to-LISP traffic
between LISP sites that do not share common locator space. Functionally, an RTR takes in LISP encapsulated
packets from an ITR in one locator scope, decapsulates them, does a map-cache lookup, and then re-encapsulates
them to an ETR in another locator scope. The following are important considerations for an RTR:
• The RTR itself must have RLOCs in all locator scopes that are being joined.
• An RTR sends Map-Request messages to populate its own map cache. As a Map-Request message
contains an ITR RLOC field that is populated with one or more entries corresponding to the locators of
the device sending the Map-Request message, the RTR in this case, the locator set configuration is also
required on the RTR to define its locators. This enables the map server to correctly receive Map-Requests
from the RTR to assess locator scope connectivity.

203
• An RTR performs functions similar to a proxy ingress tunnel router (PITR) and proxy egress tunnel
router (PETR), therefore these features must be enabled on the RTR.
Figure 45: LISP - Disjoint RLOC Domains Topology
Referring to Figure 1, the tasks below illustrate the configuration steps required to provide Locator/ID
Separation Protocol (LISP) Disjoint Routing Locator (RLOC) support for cross address-family (IPv4/IPv6)
connectivity.
• Ingress/Egress tunnel router (xTR) represents the LISP Site router. In Figure 1, xTR4 only has RLOC
connectivity to the IPv4 Internet, and xTR6 only has RLOC connectivity to the IPv6 Internet.
• Map server map resolver (MSMR) represents the MSMR supporting the LISP control plane.
• Re-encapsulating tunnel router (RTR) represents the LISP data plane device that joins locator scopes.

204
How to configure LISP Support for Disjoint RLOC Domains
How to configure LISP Support for Disjoint RLOC Domains
Configuring xTR
SUMMARY STEPS
1. enable
5. ipv6 address ipv6-address/ipv6-prefix
8. router lisp
12. exit
16. exit
18. ipv4 itr
20. ipv4 etr
22. ipv6 itr
24. ipv6 etr
25. exit
26. ip route prefix mask ip-address
27. end

205
Configuring xTR
DETAILED STEPS

Example:
Device> enable
Example:
Step 3 interface type number Specifies the interface type and number and enters interface
configuration mode.
Example:
Device(config)# interface loopback0
Example:
255.255.255.0
Step 5 ipv6 address ipv6-address/ipv6-prefix Configures an IPv6 address for the interface.
Example:
Device(config-if)# ipv6 address
2001:DB8:0:ABCD::1/64
configuration mode.
Example:
Device(config)# interface ethernet0/0
Example:
255.255.255.252
Example:
Device(config-if)# router lisp
Step 9 locator-set locator-set-name Specifies a locator set and enters LISP locator set configuration
mode.
Example:
Device(config-router-lisp)# locator-set R4
Step 10 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the
locator-weight set of addresses the first-hop router uses when communicating
with the gateway xTR. You can configure each IPv4 locator

206
Configuring xTR

address by creating a locator entry with assigned priority and
Example: weight.
Step 11 ipv6-address priority priority-locator weight Configures the LISP locator set. The LISP locator set is the
locator-weight set of addresses the first-hop router uses when communicating
with the gateway xTR. You can configure each IPv6 locator
Example: address by creating a locator entry with assigned priority and
Device(config-router-lisp-locator-set)# weight.
2001:DB8:4::2 priority 1 weight 1
configuration mode.
Example:
Step 13 eid-table default instance-id id Configures an association between the default (global) routing
table and a LISP instance ID, and enters EID table
instance-id 0
Step 14 database-mapping dynamic-eid-prefix/prefix-length Configures an IPv4/IPv6 mapping relationship and an

locator-set name associated traffic policy (as defined in the locator set) for this
LISP site.
Example:
database-mapping 10.10.10.0/24 locator-set
R4
Step 15 database-mapping dynamic-eid-prefix/prefix-length Configures an IPv4/IPv6 mapping relationship and an

locator-set name associated traffic policy (as defined in the locator set) for this
LISP site.
Example:
database-mapping 2001:DB8::/48 locator-set
R4
configuration mode.
Example:
which this device will send Map-Request messages for IPv4
Example: endpoint identifier-to-routing locator (EID-to-RLOC) mapping
Device(config-router-lisp)# ipv4 itr resolutions.
• The locator address of the map resolver may be an IPv4
or IPv6 address.
Note You can configure up to eight map resolvers if


207
Configuring xTR

Step 18 ipv4 itr Enables LISP ingress tunnel router (ITR) functionality for an
IPv4 address family.
Example:
Step 19 ipv4 etr map-server map-server-address key Configures the IPv4 locator address of the LISP map server to
authentication-key be used by the egress tunnel router (ETR) when registering
itself for IPv4 endpoint identifiers (EIDs).
Example:
map-server 10.0.2.1 key R4KEY
Example:
which this router will send Map-Request messages for IPv6
map-resolver 10.0.2.1 • The locator address of the map resolver may be an IPv4
or IPv6 address.

Step 22 ipv6 itr Enables LISP ITR functionality for an IPv6 address family.
Example:
Step 23 ipv6 etr map-server map-server-address key Configures the IPv6 locator address for the LISP map server
authentication-key to be used by the ETR when registering for IPv6 EIDs.
Example:
map-server 10.0.2.1 key R4KEY
Example:

configuration mode.
Example:
Step 26 ip route prefix mask ip-address Establishes static routes to the next hop destination.
Example:
Device(config)# ip route 0.0.0.0 0.0.0.0
10.0.4.2

208
Configuring xTR

Example:
Device(config)# end

209
Configuring MSMR
Configuring MSMR
SUMMARY STEPS
1. enable
6. router lisp
9. exit
10. Repeat Step 7 to Step 9 to specify and configure another locator set.
11. locator-scope name
12. rtr-locator-set locator-set-name
13. rloc-prefix ipv4-rloc-prefix
14. exit
15. Repeat Step 11 to Step 14 to specify and configure another locator scope.
16. site site-name
17. authentication-key password
18. eid-prefix ipv4-eid-prefix
19. eid-prefix ipv6-eid-prefix
20. exit
21. Repeat Step 16 to Step 20 to configure another LISP site on the map server.
22. ipv4 map-server
23. ipv6 map-server
26. exit
28. ipv6 route ipv6-prefix/prefix-length ipv6-address
29. end

210
Configuring MSMR
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Example:
255.255.255.252
Example:
Device(config-if)# ipv6 address 2001:DB8:1::1/64
Example:
Step 7 locator-set locator-set-name Specifies a locator set and enters LISP locator set
configuration mode.
Example:
Device(config-router-lisp)# locator-set rtr-set1
Step 8 ipv4-address priority priority-locator weight Configures the LISP locator set. The LISP locator set
locator-weight is the set of addresses the first-hop router uses when
communicating with the gateway xTR. You can
Example: configure each locator address by creating a locator
Device(config-router-lisp-locator-set)# 10.0.3.1 entry with assigned priority and weight.
priority 1 weight 1
Step 9 exit Exits LISP locator set configuration mode and returns
to LISP configuration mode.
Example:
Step 10 Repeat Step 7 to Step 9 to specify and configure another —

locator set.

211
Configuring MSMR

Step 11 locator-scope name Specifies the locator scope and enters locator scope
configuration mode.
Example:
Device(config-router-lisp)# locator-scope s1
Step 12 rtr-locator-set locator-set-name Specifies the locator set of re-encapsulating tunnel

router (RTR) to use in proxy reply for disjoint/cross
Example: address family routing locator (RLOC).
Device(config-router-lisp-locator-scope)#
rtr-locator-set rtr-set1
Step 13 rloc-prefix ipv4-rloc-prefix Specifies the RLOC prefix to check against ingress
tunnel router (ITR) RLOC and egress tunnel router
Example: (ETR) RLOC.
Device(config-router-lisp-locator-scope)#
rloc-prefix 0.0.0.0/0
Step 14 exit Exits LISP locator set configuration mode and returns
to LISP configuration mode.
Example:
Step 15 Repeat Step 11 to Step 14 to specify and configure another —

locator scope.
Step 16 site site-name Configures a LISP site on a map server and enters LISP
site configuration mode.
Example:
Device(config-router-lisp)# site R4
Step 17 authentication-key password Specifies the authentication key that the LISP site uses.
Example:
Device(config-router-lisp-site)#
authentication-key R4KEY
Step 18 eid-prefix ipv4-eid-prefix Specifies a site IPv4 EID prefix.
Example:
Device(config-router-lisp-site)# eid-prefix
10.10.10.0/24
Step 19 eid-prefix ipv6-eid-prefix Specifies a site IPv6 EID address prefix.
Example:
Device(config-router-lisp-site)# eid-prefix
2001:DB8::/48
configuration mode.
Example:
Step 21 Repeat Step 16 to Step 20 to configure another LISP site —

on the map server.

212
Configuring MSMR

Step 22 ipv4 map-server Enables IPv4 map server functionality.
Example:
Step 23 ipv6 map-server Enables IPv6 map server functionality.
Example:
Step 24 ipv4 map-resolver Enables IPv4 map resolver functionality.
Example:
Step 25 ipv6 map-resolver Enables IPv6 map resolver functionality.
Example:

configuration mode.
Example:
Example:
Step 28 ipv6 route ipv6-prefix/prefix-length ipv6-address Establishes static routes to the next hop destination.
Example:
Device(config)# ipv6 route ::/0 2001:DB8:1::ABCD
Example:
Device(config)# end

213
Configuring RTR
Configuring RTR
SUMMARY STEPS
1. enable
6. router lisp
10. exit
11. map-request itr-rlocs locator-set-name
13. map-cache ipv4-EID-prefix map-request
14. map-cache ipv6-EID-prefix map-request
15. exit
16. ipv4 map-request-source source-address
17. ipv4 map-cache-limit cache-limit
18. ipv4 proxy-etr
19. ipv4 proxy-itr ipv4-local-locator ipv6-local-locator
21. ipv6 map-request-source source-address
22. ipv6 map-cache-limit cache-limit
23. ipv6 proxy-etr cache-limit
24. ipv6 proxy-itr ipv6-local-locator ipv4-local-locator
26. exit
28. ipv6 route ipv6-prefix/prefix-length ipv6-address
29. end

214
Configuring RTR
DETAILED STEPS

Example:
Device> enable
Example:
configuration mode.
Example:
Example:
255.255.255.252
Example:
Device(config-if)# ipv6 address
2001:DB8:2::1/64
Example:
Step 7 locator-set locator-set-name Specifies a locator set and enters LISP locator set configuration
mode.
Example:
Device(config-router-lisp)# locator-set setALL
Step 8 ipv4-address priority priority-locator weight Configures an IPv4 or IPv6 address and policy for the
locator-weight re-encapsulation tunnel router (RTR).
Example:
Step 9 ipv6-address priority priority-locator weight Configures an IPv4 or IPv6 address and policy for the RTR.
locator-weight
Example:
2001:DB8:2::1 priority 1 weight 1

215
Configuring RTR

configuration mode.
Example:
Step 11 map-request itr-rlocs locator-set-name Configures the locator set to be used as routing locators
(RLOCs) in the ingress tunnel router (ITR) RLOC field of
Example: Map-Request messages sent from the RTR.
Device(config-router-lisp)# map-request
itr-rlocs setALL
Step 12 eid-table default instance-id id Configures an association between the default (global) routing
table and a LISP instance ID, and enters EID table
instance-id 0
Step 13 map-cache ipv4-EID-prefix map-request Configures static endpoint identifier-to-routing locator

(EID-to-RLOC) mappings for an ITR and enables sending of
Example: Map-Request message for a LISP destination EID.
map-cache 0.0.0.0/0 map-request
Step 14 map-cache ipv6-EID-prefix map-request Configures static EID-to-RLOC mappings for an ITR and
enables sending of Map-Request message for a LISP
Example: destination EID.
map-cache ::/0 map-request
Step 15 exit Exits LISP EID table configuration mode and returns to LISP
configuration mode.
Example:
Step 16 ipv4 map-request-source source-address Specifies the IPv4 source address to be used in LISP IPv4
Map-Request messages. The ITR RLOCs configured under
Example: Steps 7 through 10, and Step 11 take precedence. However,
Device(config-router-lisp)# ipv4 this step (16) is still required.
map-request-source 10.0.3.1
Step 17 ipv4 map-cache-limit cache-limit (Optional) Specifies maximum number of IPv4 LISP map
cache entries allowed to be stored on the router. The valid
Example: range is from 0 to 100000.
map-cache-limit 100000
Step 18 ipv4 proxy-etr Configures a device to act as an IPv4 LISP proxy egress tunnel
router (PETR).
Example:
Device(config-router-lisp)# ipv4 proxy-etr
Step 19 ipv4 proxy-itr ipv4-local-locator ipv6-local-locator Configures this device to act as an IPv4 proxy ingress tunnel
router (PITR), and configures the IPv4 and IPv6 locator
Example: addresses used as a source address for encapsulation of data
Device(config-router-lisp)# ipv4 proxy-itr packets.
10.0.3.1 2001:DB8:2::1

216
Configuring RTR

which this device will send Map-Request messages for IPv4
Device(config-router-lisp)# ipv4 itr or IPv6 address.
map-resolver 2001:DB8:1::1
Note You can configure up to 8 map resolvers if multiple

map resolvers are available.
Step 21 ipv6 map-request-source source-address The ITR RLOCs configured under Steps 7 through 10, and
Step 11 take precedence. However, this step (16) is still
Example: required.
map-request-source 2001:DB8:2::1
Step 22 ipv6 map-cache-limit cache-limit (Optional) Specifies the maximum number of IPv6 LISP map
cache entries allowed to be stored on the device. The valid
Example: range is from 0 to 100000.
map-cache-limit 100000
Step 23 ipv6 proxy-etr cache-limit Configures a device to act as an IPv6 LISP PETR.
Example:
Step 24 ipv6 proxy-itr ipv6-local-locator ipv4-local-locator Configures this device to act as an IPv6 PITR, and configures
the IPv4 and IPv6 locator addresses used as a source address
Example: for encapsulation of data packets.
Device(config-router-lisp)# ipv6 proxy-itr
2001:DB8:2::1 10.0.3.1
which this router will send Map-Request messages for IPv6
Device(config-router-lisp)# ipv6 itr or IPv6 address.
map-resolver 2001:DB8:1::1

configuration mode.
Example:
Example:
Device(config)# ip route 0.0.0.0 0.0.0.0
10.0.3.2

217
Verifying LISP Support for Disjoint RLOC Domains

Step 28 ipv6 route ipv6-prefix/prefix-length ipv6-address Establishes static routes to the next hop destination.
Example:
Device(config)# ipv6 route ::/0
2001:DB8:ABCD::1
Example:
Device(config)# end
Verifying LISP Support for Disjoint RLOC Domains

SUMMARY STEPS
1. enable
2. show ip lisp database
3. show ipv6 lisp database
4. show lisp site detail
5. show ip lisp map-cache
6. show ipv6 lisp map-cache
DETAILED STEPS

Example:
Device> enable
Step 2 show ip lisp database Displays Locator/ID Separation Protocol (LISP) egress tunnel
router (ETR) configured local IPv4 endpoint identifier (EID)
Example: prefixes and associated locator sets.
Device# show ip lisp database
Step 3 show ipv6 lisp database Displays LISP ETR configured local IPv6 EID prefixes and
associated locator sets.
Example:
Device# show ipv6 lisp database
Step 4 show lisp site detail Displays details of LISP sites configured on a LISP map server.
Example:
Device# show lisp site detail

218
Configuration Examples for LISP Support for Disjoint RLOC Domains

Step 5 show ip lisp map-cache Displays the current dynamic and static IPv4 endpoint
identifier-to-routing locator (EID-to-RLOC) map cache entries.
Example:
Device# show ip lisp map-cache
Step 6 show ipv6 lisp map-cache Displays the current dynamic and static IPv6 EID-to-RLOC map
cache entries.
Example:
Device# show ipv6 lisp map-cache
Configuration Examples for LISP Support for Disjoint RLOC

Domains
Figure 46: LISP - Disjoint RLOC Domains topology
The examples below show the complete configuration for the LISP topology illustrated in the figure above.
Example: Configuring xTR

The following example shows how to configure xTR4:
Device> enable
Device(config-if)# ipv6 address 2001:DB8:0:ABCD::1/64
Device(config-if)# interface ethernet0/0

219
Example: Configuring MSMR
Device(config-router-lisp-eid-table)# database-mapping 10.10.10.0/24 locator-set R4
Device(config-router-lisp-eid-table)# database-mapping 2001:DB8::/48 locator-set R4
Device(config-router-lisp)# ipv4 etr map-server 10.0.2.1 key R4KEY
Device(config-router-lisp)# ipv6 etr map-server 10.0.2.1 key R4KEY
The following example shows how to configure xTR6:
Device> enable
Device(config-if)# ipv6 address 2001:DB8::4/64
Device(config-if)# interface ethernet0/0
Device(config-router-lisp-locator-set)# 2001:DB8:4::2 priority 1 weight 1
Device(config-router-lisp-eid-table)# database-mapping 172.16.0.2/24 locator-set R4
Device(config-router-lisp-eid-table)# database-mapping 2001:DB8::1/48 locator-set R4
Device(config-router-lisp)# ipv4 itr map-resolver 2001:DB8:3::2
Device(config-router-lisp)# ipv4 etr map-server 2001:DB8:3::2 key R4KEY
Device(config-router-lisp)# ipv6 etr map-server 2001:DB8:3::2 key R4KEY
Device(config)# ipv6 route ::/0 2001:DB8:4::1

Device> enable
Device (config-if)# router lisp
Device(config-router-lisp-locator-set)# 2001:DB8:2::1/64 priority 1 weight 1
Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set1
Device(config-router-lisp-locator-scope)# rloc-prefix 0.0.0.0/0
Device(config-router-lisp-locator-scope)# exit
Device(config-router-lisp-locator-scope)# rtr-locator-set rtr-set2

220
Example: Configuring RTR
Device(config-router-lisp-locator-scope)# rloc-prefix ::/0

Device(config-router-lisp-locator-scope)# exit
Device(config-router-lisp-site)# authentication-key R4KEY
Device(config-router-lisp-site)# eid-prefix 10.10.10.0/24
Device(config-router-lisp-site)# eid-prefix 2001:DB8::/48
Device(config-router-lisp-site)# authentication-key R6KEY
Device(config-router-lisp-site)# eid-prefix 172.16.0.2/24
Device(config-router-lisp-site)# eid-prefix 2001:DB8::1/48
Device(config)# ipv6 route ::/0 2001:DB8:1::ABCD
Example: Configuring RTR

Device> enable
Device(config)# interface Ethernet0/0
Device (config-if)# router lisp
Device(config-router-lisp)# locator-set setALL
Device(config-router-lisp-locator-set)# 2001:DB8:2::1 priority 1 weight 1
Device(config-router-lisp)# map-request itr-rlocs setALL
Device(config-router-lisp-eid-table)# map-cache 0.0.0.0/0 map-request
Device(config-router-lisp-eid-table)# map-cache ::/0 map-request
Device(config-router-lisp)# ipv4 map-request-source 10.0.3.1
Device(config-router-lisp)# ipv4 map-cache-limit 100000
Device(config-router-lisp)# ipv4 proxy-itr 10.0.3.1 2001:DB8:2::1
Device(config-router-lisp)# ipv6 map-request-source 2001:DB8:2::1
Device(config-router-lisp)# ipv6 map-cache-limit 100000
Device(config-router-lisp)# ipv6 proxy-itr 2001:DB8:2::1 10.0.3.1
Device(config)# ipv6 route ::/0 2001:DB8:ABCD::1
Example: Verifying LISP Support for Disjoint RLOC Domains

Sample Output for the show ip lisp database Command
To display Locator/ID Separation Protocol (LISP) egress tunnel router (ETR) configured local IPv4 endpoint
identifier (EID) prefixes and associated locator sets, use the show ip lisp database command in privileged
EXEC mode.
Device# show ip lisp database

.

221
Example: Verifying LISP Support for Disjoint RLOC Domains
.
.
10.10.10.0/24, locator-set R4
Sample Output for the show ipv6 lisp database Command

To display LISP ETR configured local IPv6 EID prefixes and associated locator sets, use the show ip lisp
database command in privileged EXEC mode.
Device# show ipv6 lisp database

.
.
.
2001:DB8::/48, locator-set R4
mm
Sample Output for the show lisp site detail Command

To display configured LISP sites on a LISP map server, use the show lisp site detail in privileged EXEC
mode.
Device# show lisp site detail

.
.
.
Site name: R4
.
.
.
EID-prefix: 10.10.10.0/24
.
.
.
TTL 1d00h, no merge, hash-function sha1, nonce 0x28517C31-0x7B233E66
state complete, no security-capability
xTR-ID 0xEC52ECC2-0x006CEAFE-0x814263B3-0x89675EB6
site-ID unspecified
Locator Local State Pri/Wgt Scope
10.0.4.1 yes up 1/1 s1
EID-prefix: 2001:DB8::/48
.
.
.
.
TTL 1d00h, no merge, hash-function sha1, nonce 0xF91CB211-0x5B00E72C
state complete, no security-capability
xTR-ID 0xEC52ECC2-0x006CEAFE-0x814263B3-0x89675EB6
site-ID unspecified
Locator Local State Pri/Wgt Scope
10.0.4.1 yes up 1/1 s1
.
.
.
Sample Output for the show ip lisp map-cache Command

To display the current dynamic and static IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) map
cache entries, use the show ip lisp map-cache command in privileged EXEC mode.

222
Additional References for LISP Support for Disjoint RLOC Domains
LISP IPv4 Mapping Cache for EID-table default (IID 0), 2 entries
.
.
.
10.0.3.1 00:01:14 up 1/1
Sample Output for the show ipv6 lisp map-cache Command

To display the current dynamic and static IPv6 EID-to-RLOC map-cache entries, use the show ipv6 lisp
map-cache command in privileged EXEC mode.
Device# show ipv6 lisp map-cache
.
.
.
2001:DB8::1/48, uptime: 00:02:18, expires: 00:12:44, via map-reply, complete
10.0.3.1 00:02:18 up 1/1
Additional References for LISP Support for Disjoint RLOC

Domains
Related Documents

Cisco IOS commands Cisco IOS Master Command List,
All Releases
Locator/ID Separation Protocol (LISP) commands Cisco IOS IP Routing: LISP

Command Reference
Description Link
and password.

223
Feature Information for LISP Support for Disjoint RLOC Domains
Feature Information for LISP Support for Disjoint RLOC Domains

Feature Name Release Feature Information
LISP Support for Disjoint RLOC Cisco IOS XE Release 3.11S The LISP Support for Disjoint
Domains RLOC domains feature enables
LISP-to-LISP communications
between LISP sites that are
connected to different RLOC
spaces but have no connectivity to
each other.

224
CHAPTER 11
LISP Data Plane Security
The Locator/ID Separation Protocol (LISP) Data Plane Security feature ensures that only traffic from within
a LISP VPN can be decapsulated into the VPN. The feature is enforced when LISP packets are decapsulated
by a tunnel router at the destination. Egress tunnel routers (ETRs) and proxy egress tunnel routers (PETRs)
validate that the source Routing Locator (RLOC) address carried by the data packet is a member of the LISP
VPN.
The solution relies on Unicast Reverse Path Forwarding (uRPF) being implemented in the RLOC network
to ensure that the RLOC source addresses in LISP encapsulated data packets cannot be spoofed. Packets
from outside the LISP VPN carry invalid source RLOCs that are blocked during decapsulation by ETRs and
PETRs.
The advantages of implementing the LISP Data Plane Security feature are given below:
• Enhanced security due to validation by ETRs and PETRs during decapsulation.

• Prerequisites for LISP Data Plane Security, page 226
• Restrictions for LISP Data Plane Security, page 226
• Information About LISP Data Plane Security, page 226
• How to Configure LISP Data Plane Security, page 228
• Configuration Examples for LISP Data Plane Security, page 235
• Additional References for LISP Data Plane Security, page 236
• Feature Information for LISP Data Plane Security, page 237


225
Prerequisites for LISP Data Plane Security
Prerequisites for LISP Data Plane Security

• Understanding of LISP concepts, including the concept of virtual routing and forwarding (VRF) instances
bound to instance IDs (IIDs). These concepts are explained in the chapters LISP Overview, Configuring
LISP, and LISP Shared Model Virtualization.
• uRPF implementation in the RLOC network.
Restrictions for LISP Data Plane Security

• All sites within a given LISP VPN must register to one or a common set of Map-Servers. That is, all IP
prefixes associated with a specific instance ID must be delegated from common a Map-Server to ensure
that these Map-Servers can construct a complete RLOC set for the given LISP VPN.
Information About LISP Data Plane Security

Source RLOC Decapsulation Filtering
This feature enhances data plane security by monitoring LISP packets during the decapsulation stage, when
the packets are sent from an ingress tunnel router (ITR) or proxy ingress tunnel router (PITR) to an ETR or
PETR. To protect LISP VPN end sites from decapsulating LISP packets that do not belong to the VPN, whether
the result of misconfiguration or an attack, the source address in the incoming LISP packets are compared
with a dynamically distributed set of source RLOC addresses corresponding to valid LISP VPN end sites.
LISP packet decapsulation by ETRs and PETRs validate that a source RLOC address of an incoming LISP
data packet is a member of the VPN. Note that this solution requires that source RLOC addresses are not
spoofed, and hence unicast RPF or ingress anti-spoofing access control lists (ACLs) are required within the
RLOC core network.
Consider the scenario in the image below:

226
Source RLOC Decapsulation Filtering
1 Customer A has 2 LISP sites, site1 and site2, each having an xTR (a device performing the role of ETR
and ITR). Site 1 and Site 2 register with the Map-Servers (of the Map-Server/Map-Resolver [MSMR]
devices) supporting the LISP control plane for the LISP VPN with instance ID 1. The Map-Server
automatically records the registration RLOCs for both sites, and dynamically pushes this list of valid
RLOCs to both sites. In this way, site 1 and site 2 of the customer A LISP VPN can send traffic between
each other. No other LISP encapsulated traffic is permitted, as the source RLOC will not match the valid
source RLOC list.
2 Customer N also has 2 LISP sites, site1 and site2, and both register to the Map-Servers supporting the
LISP control plane for this LISP VPN with instance ID 2. The Map-Server automatically records the
registration RLOCs for both sites, and dynamically pushes this list of valid RLOCs to both sites. In this
way, site 1 and site 2 of the customer N LISP VPN can send traffic between each other. No other LISP
encapsulated traffic is permitted, as the source RLOC will not match the valid source RLOC list.
In addition to the automatically learned source RLOCs of registering LISP sites, the per-IID (instance ID)
membership list can be extended to include specific source RLOCs of valid devices that do no register, such
as PxTRs. When this feature is deployed, the source RLOCs of the PxTR is made available with the xTRs.
Some pointers for implementing source RLOC decapsulation filtering are given below :
• For Map-Servers to be able to construct the complete list of members for an EID instance ID, they must
receive registrations from all the xTRs participating in the customer VPN.
• Map-Servers construct the EID instance ID-RLOC membership list using the RLOC information in the
received mapping records in map-register messages.
• All IP prefixes associated with a specific instance ID must be delegated from a common Map-Server to
ensure that these Map-Servers can construct a complete RLOC set for the given LISP VPN.
• All xTRs within a VPN must register with a common set of Map-Servers.

227
TCP-based Sessions for LISP Packet Transport
• PxTRs do not (normally) register with the Map-Servers, such that the Map-Servers could discover the
PxTR RLOC, and that the Map-Servers could distribute learned RLOCs to the PxTRs. Thus, PxTR
RLOCs need to be manually configured on the Map-Server.
• The EID instance membership lists built by Map-Servers are communicated only to xTRs and PxTRs
that are members of the VPN.
TCP-based Sessions for LISP Packet Transport

The LISP data plane security mechanism requires the automated distribution and updating of RLOC filter
lists to VPN members. This automated distribution is accomplished through a TCP-based session established
between the xTRs and Map-Servers after the normal registration process has completed.
For example, xTRs periodically transmit map register messages and process the resulting map notify messages
issued by the Map-Server. The Map-Servers process map register messages, update corresponding registration
state, and transmit matching map notify messages.
To implement a more reliable, secure, and scalable transport option, TCP-based sessions are provided for
LISP-related communication between xTRs and Map-Servers.
Some pointers regarding TCP-based sessions are given below:
• The UDP-based registration mechanism is conducted, and then a TCP-based session is established and
used for the distribution of EID-instance RLOC membership lists. The number of xTRs that a Map-Server
can support is limited by the number of TCP sessions that the Map-Server can establish and maintain.
This determines the number of VPN customers that a Map-Server can host.
• The xTRs belonging to the same VPN must register with the same Map-Servers. This limits the number
of sites within a VPN to the number of TCP sessions that a Map-Server can support.
How to Configure LISP Data Plane Security

Configuring MSMR
To configure the MSMR devices, perform the steps given below:
Note Steps 5 to 10 are optional. You can use those to modify the list of RLOC addresses (filter list) discovered
by the Map-Server.
Before You Begin

• Ensure that you have available any RLOCs associated with PxTRs serving within the LISP VPN.

228
Configuring MSMR
SUMMARY STEPS
1. enable
3. router lisp
4. map-server rloc members distribute
6. ipv4-address priority value weight value
7. exit
8. eid-table vrf vrf-name instance-id iid
9. map-server rloc members modify-discovered add locator-set locator-set-name
10. exit
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Step 4 map-server rloc members distribute Enables distribution of the list of EID prefixes to xTRs at the
customer end.
Example:
Device(config-router-lisp)# map-server rloc
members distribute
Step 5 locator-set locator-set-name (Optional) Specifies a locator set for the PxTR and enters
LISP locator set configuration mode.
Example:
Device(config-router-lisp)# locator-set PTR_set
Step 6 ipv4-address priority value weight value (Optional) Configures the LISP locator set. You can configure
each locator address by creating a locator entry with an
Example: assigned priority and weight

229
Configuring the xTRs

Step 7 exit (Optional) Exits LISP locator set configuration mode and
enters LISP configuration mode.
Example:
Step 8 eid-table vrf vrf-name instance-id iid (Optional) Configures an association between a VRF table
and a LISP instance ID, and enters eid-table configuration
Example: submode.
Device(config-router-lisp)# eid-table vrf
cust-A instance-id 1
Step 9 map-server rloc members modify-discovered add (Optional) Adds RLOC addresses in the specified locator set
locator-set locator-set-name to the list of discovered RLOC addresses.
Note The updated list will be sent to the xTRs at the
Example: customer end when the distribution option is
map-server rloc members modify-discovered add enabled.
locator-set PTR_set
Step 10 exit (Optional) Exits eid-table configuration submode and enters

Example:

230
To enable data plane security on the xTRs belonging to customer A (as shown in the image), configure the
xTR at site1, as shown below:
Before You Begin

• Ensure that you have configured the MSMR devices.
• Ensure that uRPF is implemented in the RLOC network.
• Ensure that you have identified EIDs and the LISP device acting as an xTR.
SUMMARY STEPS
1. enable
3. router lisp
4. decapsulation filter rloc source member
5. exit
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Step 4 decapsulation filter rloc source member Enables source RLOC address validation of LISP
packets.
Example:
Device(config-router-lisp)# decapsulation filter
rloc source member

configuration mode.
Example:

231
Configuring PxTR
What to Do Next
• The above steps enable data plane security for the xTR at one of customer A's sites, 'site1'. You need to
repeat the steps to enable RLOC decapsulation filtering for customer A's second site, 'site2'.
Configuring PxTR
To configure the PxTR, perform the steps given below:
Before You Begin

• Ensure that the MSMR devices and xTRs at the customer sites are configured.
SUMMARY STEPS
1. enable
3. router lisp
4. decapsulation filter rloc source members
5. exit
DETAILED STEPS

Example:
Device> enable
Example:
Example:
Step 4 decapsulation filter rloc source members Enables source RLOC address validation of LISP
packets.
Example:
Device(config-router-lisp)# decapsulation filter
rloc source members

configuration mode.
Example:

232
Verifying LISP Data Plane Security On a Map-Server
What to Do Next
• Configure any other PxTR as needed.
Verifying LISP Data Plane Security On a Map-Server

Verify the LISP Data Plane Security feature on a Map-Server by using the commands given below:
SUMMARY STEPS
1. show lisp [session [established] | vrf [vrf-name [session [peer-address]]]]

2. show lisp site rloc members [instance-id iid]
DETAILED STEPS
Step 1 show lisp [session [established] | vrf [vrf-name [session [peer-address]]]]
Example:
Device# show lisp session
Sessions for VRF default, total: 8, established: 7

Peer State Up/Down In/Out Users
2001:DB8:A:1::2 Up 00:04:13 2/7 2
2001:DB8:A:2::2 Up 00:04:13 2/7 2
2001:DB8:A:3::2 Up 00:03:53 2/7 2
2001:DB8:B:1::2 Up 00:04:04 2/6 2
2001:DB8:B:2::2 Init never 0/0 1
2001:DB8:C:1::2 Up 00:03:55 2/6 2
2001:DB8:C:2::2 Up 00:03:54 2/6 2
2001:DB8:E:F::2 Up 00:04:04 6/19 4
This command displays reliable transport session information. If there is more than one transport session, the corresponding
information will be displayed.
Step 2 show lisp site rloc members [instance-id iid]
Example:
Device# show lisp site rloc members
LISP RLOC membership for EID table default (IID 0), 5 entries
RLOC Origin Valid

10.0.1.2 registration Yes
10.0.2.2 config & registration Yes
The Origin column displays configuration details of the RLOC member – whether the RLOC member is manually
configured, automatically gleaned from received registrations, or both. The Valid column shows whether the RLOC is
a valid member that is distributed to (P)xTRs. A listed RLOC may not be valid if it is gleaned from registrations but the
'override' option is used in the 'modify-discovered' configuration, and the specified locator-set does not include the RLOC.

233
Verifying and Troubleshooting LISP Data Plane Security on an xTR or PxTR
Verifying and Troubleshooting LISP Data Plane Security on an xTR or PxTR

Verify the LISP Data Plane Security feature on an xTR or PxTR by using the commands given below:
SUMMARY STEPS
1. show lisp [session [established] | vrf [vrf-name [session [peer-address]]]]

2. show lisp decapsulation filter [IPv4-rloc-address | IPv6-rloc-address] [eid-table eid-table-vrf | instance-id
iid]
3. show cef source-filter table
4. debug lisp control-plane eid-membership
5. debug lisp control-plane session
DETAILED STEPS
Step 1 show lisp [session [established] | vrf [vrf-name [session [peer-address]]]]
Example:

2001:DB8:A:1::2 Up 00:04:13 2/7 2
2001:DB8:A:2::2 Up 00:04:13 2/7 2
2001:DB8:A:3::2 Up 00:03:53 2/7 2
2001:DB8:B:1::2 Up 00:04:04 2/6 2
2001:DB8:B:2::2 Init never 0/0 1
2001:DB8:C:1::2 Up 00:03:55 2/6 2
2001:DB8:C:2::2 Up 00:03:54 2/6 2
2001:DB8:E:F::2 Up 00:04:04 6/19 4
This command displays reliable transport session information. If there is more than one transport session, the corresponding
information will be displayed.
Step 2 show lisp decapsulation filter [IPv4-rloc-address | IPv6-rloc-address] [eid-table eid-table-vrf | instance-id iid]
Example:
Device# show lisp decapsulation filter instance-id 0
LISP decapsulation filter for EID-table default (IID 0), 3 entries
Source RLOC Added by

10.0.0.1 Config
10.0.0.5 209.165.200.230 209.165.200.232
10.0.0.6 Config 209.165.200.230
The RLOC address configuration details (whether it is manually configured or discovered) on a (P)xTR is displayed in
the above table.
Step 3 show cef source-filter table
Example:
Device# show cef source-filter table
[lisp:0:0:IPv4] state [enabled, active], 0 entries, refcount 3, flags [], action [drop]

234
Configuration Examples for LISP Data Plane Security
Database epoch 0
Hits 0, misses 0, fwd 0, drop 0
This command displays Cisco Express Forwarding (CEF) source-filter tables.

Step 4 debug lisp control-plane eid-membership
Example:
Device# debug lisp control-plane eid-membership
LISP control plane EID membership debugging is on
Displays debugging information for EID membership discovery.

Step 5 debug lisp control-plane session
Example:
Device# debug lisp control-plane session
LISP control plane session debugging is on
Displays detailed session establishment debugging information.
Configuration Examples for LISP Data Plane Security

Note Steps for adding the locator set and the RLOC address are optional. You can use those steps to modify
the list of RLOC addresses (filter list) discovered by the Map-Server.
Device> enable
Device(config-router-lisp)# map-server rloc members distribute
Device(config-router-lisp)# locator-set PTR_set
Device(config-router-lisp)# eid-table vrf cust-A instance-id 1
Device(config-router-lisp-eid-table)# map-server rloc members modify-discovered add
locator-set PTR_set
Repeat the above steps to configure one or more map servers, as needed
Example: Configuring the xTRs

Device> enable

235
Example: Configuring PxTR
Device(config-router-lisp)# decapsulation filter rloc source member

The above steps enable data plane security for the xTR at one of customer sites. You must repeat the steps to
enable RLOC decapsulation filtering for other sites.
Example: Configuring PxTR

Device> enable
Device(config-router-lisp)# decapsulation filter rloc source member
Additional References for LISP Data Plane Security

Related Documents

Cisco IOS commands Cisco IOS Master Commands List, All Releases
Locator/ID Separation Protocol (LISP) commands Cisco IOS IP Routing: LISP Command Reference
Standards and RFCs
Standard/RFC Title
RFC 6830 Locator/ID Separation Protocol (LISP)
RFC 6832 Interworking between Locator/ID Separation Protocol

(LISP) and Non-LISP Sites
RFC 6833 Locator/ID Separation Protocol (LISP) Map-Server

Interface
MIBs
MIB MIBs Link

To locate and download MIBs for selected platforms,
• CISCO-MIB Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL:
http://www.cisco.com/go/mibs

236
Feature Information for LISP Data Plane Security
Description Link

Table 6: Feature Information for LISP Data Plane Security

LISP Data Plane Security Cisco IOS XE Release 3.14S The LISP Data Plane Security
feature ensures that only traffic
from within a LISP VPN can be
decapsulated into the VPN.
introduced by this feature: clear
lisp vrf, decapsulation filter rloc
source, debug lisp control-plane
eid-membership, debug lisp
control-plane session, map-server
rloc members distribute,
map-server rloc members
modify-discovered, show lisp
decapsulation filter, show lisp site
rloc members, show lisp session
.

237

238
CHAPTER 12
LISP Reliable Registration
The LISP Reliable Registration feature supports establishment of TCP based reliable map registration between
Egress Tunnel Router (ETR) and Map Server (MS).
• Information About LISP Reliable Registration, page 240

• Additional References for LISP Reliable Registration, page 243
• Feature Information for LISP Reliable Registration, page 244

239
Information About LISP Reliable Registration
Information About LISP Reliable Registration
LISP Reliable Map Registration

LISP ETR periodically sends UDP based map registration message to map server. This results in control
traffic and scalability problems. TCP based reliable map registration or LISP reliable map registration
mechanism is developed as an enhancement and replacement to the UDP based map registration mechanism.
Figure 47: LISP Reliable Map Registration Mechanism
The LISP reliable map registration mechanism as shown in the figure is described below:

240
Verifying the LISP Reliable Registration
• ETR sends UDP based map registration message to map server.

• Map server processes map registration and sends map-notify to ETR. This message serves as
acknowledgment.
• ETR initiates a TCP session with map-server using three-way handshake.
Note When TCP based map registration is not supported by map server then ETR uses UDP
based map registration to establish a session with the map server.
• Once the TCP session is established, map-server sends a registration refresh message to the ETR.
• ETR sends map registrations to the map server through the TCP connection.
• Map server acknowledges for the map registrations.
Note There are no configuration commands for this feature. This feature is turned on automatically.

Perform this task to verify the LISP Reliable Registration feature which is enabled automatically in the LISP
network. In this example, a LISP site uses a single edge router that functions as both ITR and ETR (known
as an xTR). Routing Locators (RLOCs) are in IPv4. EID prefixes are in both IPv4 and IPv6. The LISP site

241
registers to two map server/map resolver (MSMR) devices in the network core. The topology used in verifying
LISP Reliable Registration is as shown in the figure below.
Figure 48: LISP Reliable Registration Topology
The components as shown in the topology are described below:

• xTR1 and xTR2 are xTRs for 2 LISP sites.
• Core1 and Core 2 are routing locators (RLOCs) core routers with no LISP configuration.
• New MSMR is a map-server and map-resolver with reliable map-registration support, whereas Old
MSMR does not support reliable map-registration.
• PxTR1 works as a Proxy Ingress Tunnel Router (PITR) and Proxy Egress Tunnel Router (PETR) between
the network with 10.0.0.0/8 prefix and the LISP sites.
• Only static routing protocols are used in this setup to reduce control traffic.
In the following output, a ‘#’ sign in the ‘Up’ column indicates reliable map registration session.
Device# show lisp site

* = Some locators are down or unreachable
# = Some registrations are sourced by reliable transport

A never no -- 0.0.0.0/0
01:59:44 yes# 203.0.113.11 10.10.10.0/24
01:59:44 yes# 203.0.113.11 10.20.20.0/24
01:59:44 yes# 203.0.113.11 172.16.0.0/24
01:59:44 yes# 203.0.113.11 2001:DB8::/32
B never no -- 0.0.0.0/0
never no -- 10.0.0.0/8

242
Additional References for LISP Reliable Registration
01:59:43 yes# 198.51.100.21 10.30.30.0/24

01:59:43 yes# 198.51.100.21 10.40.40.0/24
never no -- 21.0.0.0/8
01:59:43 yes# 198.51.100.21 21.21.21.0/24
01:59:43 yes# 198.51.100.21 2001:DB8::/48
In the following output, no ‘#’ sign in the ‘Up’ column indicates that the Old MSMR does not support reliable
map registration.


A never no -- 0.0.0.0/0
00:00:00 yes 203.0.113.11 172.16.0.0/24
00:00:55 yes 198.51.100.21 21.21.21.0/24
00:00:03 yes 203.0.113.11 2001:DB8::/32
B never no -- 10.0.0.0/8
00:00:00 yes 203.0.113.11 10.10.10.0/24
00:00:00 yes 203.0.113.11 10.20.20.0/24
00:00:55 yes 198.51.100.21 10.30.30.0/24
00:00:55 yes 198.51.100.21 10.40.40.0/24
00:00:52 yes 198.51.100.21 2001:DB8::/48
The following output is from xTR1 that uses 2 map servers. Reliable map-registration session is established
with 209.165.201.31 (New MSMR), but not with 209.165.201.41 (Old MSMR).

209.165.201.31 Up 05:05:40 6/3 2
209.165.201.41 Down never 0/0 1
The following output is from New MSMR. It has established reliable map-registration sessions with two
ETRs.

203.0.113.11 Up 05:19:53 3/6 1
198.51.100.21 Up 05:18:28 2/5 1

Related Documents


243
Feature Information for LISP Reliable Registration
Standards and RFCs
Standard/RFC Title
RFC 6830 The Locator/ID Separation Protocol (LISP)
Description Link
and password.
Feature Information for LISP Reliable Registration

Table 7: Feature Information for LISP Reliable Registration

LISP Reliable Registration Cisco IOS XE Denali 16.2 The LISP Reliable Registration
feature supports establishment of
TCP based reliable
map-registration between Egress
Tunnel Router (ETR) and Map
Server (MS).
modified: show lisp site.

244
CHAPTER 13
Overlapping Prefix
The Overlapping prefix feature supports Endpoint Identifier (EID) registration by two sites where the EID
prefix from one LISP site is a subset of the EID prefix from another LISP site.
• Prerequisites for Overlapping Prefix, page 245

• Information About Overlapping Prefix, page 245
• How to Configure Overlapping Prefix, page 246
• Additional References for Overlapping Prefix, page 247
• Feature Information for Overlapping Prefix, page 248
Prerequisites for Overlapping Prefix

• Reliable registration must be established between the xTR (performs functions of both Egress Tunnel
Router and Ingress Tunnel Router components) and map server/map resolver (MS/MR).
Information About Overlapping Prefix
Endpoint ID (EID)
An EID value for IPv4 is 32 bit and EID value for IPv6 is 128-bit. EIDs are used in the source and destination
address fields of the first LISP header of a packet.
EID-Prefix
An EID-Prefix is a power-of-two blocks of EIDs allocated to a LISP site by an address allocation authority.

245
Overlapping Prefix
Map Server/Map Resolver (MS/MR)
Map Server/Map Resolver (MS/MR)

MS and MR functions are implemented on the same device, which is referred to as an MS/MR device.
How to Configure Overlapping Prefix
Configuring Overlapping Prefix

Configure EID-prefix with "accept-more-specifies" keyword to allow MS to accept registration of more
specific prefix.
router lisp
site site3
authentication-key cisco
exit
Register 3.0.0.0/8 with MS.

router lisp
Register 3.1.0.0/16 with MS, which is more specific and overlap with 3.0.0.0/8 prefix registered from xTR3.
router lisp
Verifying Overlapping Prefix

Perform this task to verify the Overlapping Prefix feature in the LISP network. In this example, there are four
routers: MSMR, xTR2, xTR3, and xTR4. Each router has an interface connection in the same subnet (RLOC
space) 10.0.0.0/24. The following are the IP addresses of the routers:
Router IP Address
MSMR 10.0.0.1
xTR2 10.0.0.2
xTR3 10.0.0.3
xTR4 10.0.0.4
MS/MR Output:

# = Some registrations are sourced by reliable transport

246
Overlapping Prefix
Additional References for Overlapping Prefix
site2 00:15:08 yes# 10.0.0.2 2.0.0.0/8
site3 00:15:05 yes# 10.0.0.3 3.0.0.0/8
00:15:01 yes# 10.0.0.4 3.1.0.0/16
site4 00:15:01 yes# 10.0.0.4 4.0.0.0/8
xTR1 Output:

10.0.0.3 00:00:16 up 1/100
10.0.0.4 00:00:08 up 1/100
xTR2 Output:

10.0.0.2 00:00:57 up 1/100
3.1.0.0/16, uptime: 00:18:40, expires: 23:42:12, via map-reply, self, complete
10.0.0.4 00:17:47 up 1/100
Device# show ip lisp away
LISP Away Table for router lisp 0 (default) IID 0

Entries: 1
Prefix Producer
3.1.0.0/16 mapping-notification
xTR3 Output:

10.0.0.2 00:01:35 up 1/100

Entries: 0
Additional References for Overlapping Prefix

Related Documents


247
Overlapping Prefix
Feature Information for Overlapping Prefix

Standards and RFCs
Standard/RFC Title
Description Link
and password.
Feature Information for Overlapping Prefix

Table 8: Feature Information for Overlapping Prefix

Overlapping Prefix Cisco IOS XE Denali 16.2 The Overlapping prefix feature
supports Endpoint Identifier (EID)
registration by two sites where the
EID prefix from one LISP site is a
subset of the EID prefix from
another LISP site.
modified: authentication-key,
database-mapping, router lisp.

248
CHAPTER 14
LISP Generalized SMR
The LISP Generalized SMR feature enables LISP xTR (ITR and ETR) to update map cache when there is
a change in database mapping.
Note There is no configuration commands for this feature. This feature is turned on automatically.
• Information About LISP Generalized SMR, page 249

• Verifying LISP Generalized SMR , page 250
• Additional References for LISP Reliable Registration, page 252
• Feature Information for LISP Generalized SMR, page 253
Information About LISP Generalized SMR
Solicit-Map-Request (SMR)
Soliciting a Map-Request enables ETRs to control requests for Map-Reply messages when there is change in
database mapping. SMRs enable remote ITRs to update the database mappings that are cached. An SMR
message is simply a bit set in a Map-Request message. An ITR or PITR will send a Map-Request when they
receive an SMR message.
Note There is no configuration commands for this feature. This feature is turned on automatically.
Generalized SMR (GSMR)

SMR was mainly used to support LISP mobility. This mechanism has been generalized (Generalized Solicit
Map Request - GSMR) to support the following use cases:

249
Verifying LISP Generalized SMR
• De-configured local EID

• Local EID no-route (when an ETR decapsulates a data packet and finds no route for a configured local
EID)
• Mobility host move out and detection
• Overlapping prefix
Note There are no configuration commands for this feature. This feature is turned on automatically.

Perform this task to verify the LISP Generalized SMR feature which is enabled automatically in the LISP
LISP Generalized SMR is as shown in the figure below.
Figure 49: LISP Generalized SMR Topology


250
Verifying 172.16.0.0/24 is in map cache on xTR2:

203.0.113.11 00:00:05 up 1/100
203.0.113.11 00:35:49 up 1/100
Shutting down interface Ethernet1/0 on xTR1:
Device(config)# interface ethernet 1/0
Device(config-if)# shutdown
Verifying 172.16.0.0/24 is in map cache on xTR1:

Device# show ip lisp data
LISP ETR IPv4 Mapping Database for EID-table default (IID 0), LSBs: 0x1
Entries total 3, no-route 1, inactive 0
10.10.10.0/24, locator-set set1
10.20.20.0/24, locator-set set1
172.16.0.0/24, locator-set set1 *** NO ROUTE TO EID PREFIX ***
Pinging Host A from Host B:
.....
Success rate is 0 percent (0/5)
xTR1 decapsulates the data packets, finds out the no-route situation, and sends an SMR to xTR2:
Device#
*Feb 19 22:08:15.160: LISP: Send map request type dyn-EID SMR
*Feb 19 22:08:15.160: LISP: Send map request for EID prefix IID 0 192.168.0.22/32
*Feb 19 22:08:15.160: LISP-0: AF IID 0 IPv4, Send SMR map-request for 172.16.0.12 to
198.51.100.21.
*Feb 19 22:08:15.160: LISP-0: EID-AF IPv4, Sending probe map-request from 203.0.113.11 to
198.51.100.21
for EID 21.21.21.22/32, ITR-RLOCs 1, nonce 0x68E45971-0xE3DF4931, SMR 172.16.0.12, DoNotReply.
xTR2 processes the SMR and sends out a map-request to the map server:
Device#
*Feb 19 22:08:15.161: LISP: Processing received Map-Request(1) message on Ethernet0/0 from
203.0.113.11:4342 to 198.51.100.21:4342
*Feb 19 22:08:15.161: LISP: Received map request for IID 0 192.168.0.22/32, source_eid IID
0 172.16.0.12, ITR-RLOCs: 203.0.113.11,
records 1, nonce 0x68E45971-0xE3DF4931, probe, SMR, DoNotReply
*Feb 19 22:08:15.161: LISP-0: AF IID 0 IPv4, Scheduling SMR trigger Map-Request for
172.16.0.12/32 from 192.168.0.22.
*Feb 19 22:08:15.161: LISP-0: IID 0 SMR & D bit set, not replying to map-request.
*Feb 19 22:08:15.290: LISP: Send map request type SMR
Device#
*Feb 19 22:08:15.290: LISP-0: AF IID 0 IPv4, Send SMR triggered map request for 172.16.0.12/32
(1) from 192.168.0.22.

251
*Feb 19 22:08:15.290: LISP-0: EID-AF IPv4, Sending map-request from 172.16.0.12 to 172.16.0.12
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x4D04AB2F-0x99FF6FF5 (encap src 198.51.100.21, dst 209.165.201.41).
Device#
(2) from 192.168.0.22.
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x4D04AB2F-0x99FF6FF5 (encap src 198.51.100.21, dst 209.165.201.41).
Device#
*Feb 19 22:08:18.423: LISP-0: Map Request IID 0 prefix 172.16.0.12/32 SMR[LL], Switching
Map-Resolver 209.165.201.41 to 209.165.201.31.
(3) from 192.168.0.22.
for EID 172.16.0.12/32, ITR-RLOCs 1,
nonce 0x5A4AC708-0x59A42AB6 (encap src 198.51.100.21, dst 209.165.201.31).
*Feb 19 22:08:18.424: LISP: Processing received Map-Reply(2) message on Ethernet0/0 from
209.165.201.31:4342 to 198.51.100.21:4342
*Feb 19 22:08:18.424: LISP: Received map reply nonce 0x5A4AC708-0x59A42AB6, records 1
xTR2's map-cache is updated upon map-reply from the map server:

203.0.113.11 00:24:04 up 1/100
172.16.0.10/24, uptime: 00:59:48, expires: 00:00:51, via map-reply, forward-native
Negative cache entry, action: forward-native
xTR1 will put the 172.16.0.10/24 prefix in its away table:
Entries: 1
Prefix Producer
172.16.0.10/24 local EID

Related Documents

Standards and RFCs
Standard/RFC Title

252
Feature Information for LISP Generalized SMR
Description Link
and password.

Table 9: Feature Information for LISP Generalized SMR

LISP Generalized SMR Cisco IOS XE Denali 16.2 The LISP Generalize SMR feature
supports LISP mobility,
de-configured local Endpoint
Identifier (EID), local EID
no-route, overlapping prefix
support, and mobility host move
out and detection.
modified: show ip lisp away, show
ip lisp data, show ip lisp
map-cache.

253

254
CHAPTER 15
TTL Propagate Disable and Site-ID Qualification
The TTL Propagate Disable feature supports disabling of the TTL (Time-To-Live) propagation for
implementing the traceroute tool in a LISP network when RLOC and EID belong to different address-family.
The Site ID Qualification feature supports Endpoint Identifier (EID) prefix registration by multiple LISP
sites.
• Information About TTL Propagate Disable and Site-ID Qualification, page 255
• How to Configure Site ID Qualification, page 258
• How to Disable TTL Propagation, page 259
• Additional References for TTl Propagate Disable and Site-ID Qualification, page 261
• Feature Information for TTL Propagate Disable and Site-ID Qualification, page 262
Information About TTL Propagate Disable and Site-ID

Qualification
LISP Site
LISP site is a set of routers in an edge network that are under a single technical administration. LISP routers
in the edge network are the demarcation points to separate the edge network from the core network.
Map Server (MS)

An MS implements part of the distributed LISP mapping database by accepting registration requests from its
client Egress Tunnel Routers (ETRs) and aggregating the successfully registered EID prefixes of ETRs.
Routing Locator (RLOC)

An RLOC is an IPv4 or IPv6 address of an Egress Tunnel Router (ETR).

255
Traceroute Tool
Traceroute Tool
The traceroute tool is used to discover the routes that packets take when traveling to their destination.
Site ID Qualification
A site is best conceptualized as an authentication domain: A set of ETRs under the same administrative control.
The map server authenticates all ETRs in a site using the same shared key. Without the concept of a site, the
map server would be required to have prior knowledge of every ETR in the network along with its authentication
key. Site managers will not be able to deploy new ETRs without changing the configuration of the map servers.
When a site is considered as an authentication domain as opposed to a topological grouping, then it is easy
to see that the benefit of site ID qualification resides in the ability of reaching an EID prefix through ETRs
under different administrative control.
With Site ID Qualification, the map server can have the same prefix configuration under multiple sites. The
name of the feature stems from the requirement that any two sites with at least one prefix in common must
be qualified with a unique site IDs.

256
TTL Propagation
TTL Propagation
Figure 50: TTL Propagation Mechanism
TTTL Propagation mechanism as shown in the figure is described below:

• A LISP ITR encapsulates a packet and copies TTL value from inner header to outer header.
• A LISP ETR decapsulates a packet and copies TTL value from outer header to inner header if the outer
header TTL value is smaller than the inner header TTL.
When TTL propagation is enabled the traceroute tool can display all middle hops between an LISP ITR and
ETR. However, when RLOC and EID are of different address-family the traceroute output is undesirable.

257
How to Configure Site ID Qualification
When the above cross address-family situation exists, LISP does not propagate TTL between inner and outer
IPv4 or IPv6 headers. During encapsulation, ITR uses the maximum permissible TTL in the outer header
instead of using the TTL value from the inner header.
It is better to make the LISP tunnel between the ITR and ETR appear as a single hop to the client of traceroute.
This is done through the disable-ttl-propagate configuration CLI either for a specific eid-table or the entire
router lisp tag.
Note The TTL propagation is turned on automatically.
How to Configure Site ID Qualification
Configuring Site ID Qualification

site A
conf t
router lisp
site A
site-id 1
authentication-key key1
site B
conf t
router lisp
site A
site-id 1
Example: Site ID Qualification

When a site ID registration is received, the map server searches for the longest matching configured prefix.
If the resulting prefix is less specific than the registration and does not have "accept-more-specifics" keyword,
the registration is rejected; otherwise it is authenticated using the key of the site associated with the prefix.
In this example "lazy" map server configuration is used so that an ETR can register any prefix with the map
server.
Lazy Map Server Configuration:
Note Setup a new MSMR that has the same lazy configuration for two different sites.
enable
conf t
router lisp
locator-table default
site A
site-id 100
eid-prefix 2000:AAAA:BBBB::/96 accept-more-specifics

258
How to Disable TTL Propagation
exit
!
site B
site-id 200
eid-prefix 2000:BBBB:AAAA::/96 accept-more-specifics
exit
ipv4 map-server
ipv4 map-resolver
ipv6 map-server
ipv6 map-resolver
exit
How to Disable TTL Propagation
Note The TTL propagation can be disabled for a specific EID-table or an entire router LISP tag.
Disabling TTL Propagation for EID-Table

enable
configure terminal
router lisp
disable-ttl-propagate
end
Disabling TTL Propagation for Router LISP Tag

enable
configure terminal
router lisp
disable-ttl-propagate
end
Verifying TTL Propagate Disable

Perform this task to verify the TTL Propagate Disable feature which is enabled automatically in the LISP

259
Verifying TTL Propagate Disable
TTL Propagate Disable is as shown in the figure below.
Figure 51: TTL Propagate Disable Topology

Note An IPv6 EID and IPv4 RLOC traceroute output will hide the middle hops between ITR and ETR even
when TTL propagation is not disabled.
After disabling TTL propagation, an IPv4 EID over IPv4 RLOC traceroute output appears as below
on Host A:
Device# traceroute 192.168.0.22

Tracing the route to 192.168.0.22
VRF info: (vrf in name/id, vrf out name/id)
1 203.0.113.11 1 msec 1 msec 0 msec

260
Additional References for TTl Propagate Disable and Site-ID Qualification
2 10.40.40.21 1 msec 1 msec 1 msec

3 192.168.0.22 0 msec 2 msec *
Additional References for TTl Propagate Disable and Site-ID

Qualification
Related Documents

Standards and RFCs
Standard/RFC Title
Description Link
and password.

261
Feature Information for TTL Propagate Disable and Site-ID Qualification
Feature Information for TTL Propagate Disable and Site-ID

Qualification
Table 10: Feature Information for TTL Propagate Disable and Site-ID Qualification

TTL Propagate Disable and Site-ID Cisco IOS XE Denali 16.2 The TTL Propagate Disable feature
Qualification supports disabling of the TTL
(Time-To-Live) propagation for
implementing the traceroute tool
in a LISP network when RLOC and
EID belong to different
address-family.
The Site ID Qualification feature
supports Endpoint Identifier (EID)
prefix registration by multiple LISP
sites.
modified: disable-ttl-propagate,
eid-prefix, eid-table, router lisp,
site-id, traceroute.

262
CHAPTER 16
DNA SA Border Node Support
Digital Network Architecture (DNA) Security Access (SA) is an Enterprise architecture that brings together
multiple building blocks needed for a programmable, secure, and highly automated fabric. Secure Fabric
forms the foundation of this architecture and is targeted to address next generation campus trends. From
Cisco IOS XE Everest 16.4.1 release, ASR 1000/ISR 4000 platforms can be supported as the border node
of DNA SA fabric, handing off the enterprise campus fabric to iWAN, providing IP connectivity across
campus and branches. The fabric is separated for campus and branches, and the border node will hand off
the LISP/VxLAN-GPO fabric to WAN. In the 16.4.1 release, the handoff is to the DMVPN/MPLS WAN
with manual configuration.

• Restrictions for DNA SA Border Node Support, page 263
• Information About DNA SA Border Node Support, page 264
• Configuration Example: Border Node as LISP PxTR, page 267
• Configuration Example: Border Node as LISP xTR, page 271
• Feature Information for DNA SA Border Node Support, page 273

Restrictions for DNA SA Border Node Support

• IPv6 RLOC and IPv6 EID is not supported for DNA SA.
• IPv4 SGT can control (enable or disable) IPv4/IPv6 EID SGT. IPv6 SGT is not supported.

263
Information About DNA SA Border Node Support
• Multicast configuration cannot change encapsulation type.
Information About DNA SA Border Node Support
Enabling VxLAN Encapsulation for LISP Control Plane

To enable VXLAN encapsulation for LISP, use the encapsulation vxlan command in the router lisp configuration
mode. This command must be configured on all LISP edge devices in the enterprise fabric deployment: Ingress
Tunnel Router (ITR), Egress Tunnel Router (ETR), Proxy Ingress Tunnel Router (PITR), Proxy Egress Tunnel
Router (PETR). Failure to configure this command on any of the LISP edge devices will result in loss of
control and data traffic.
Use the show platform software lisp udp-src-port ipv4 src_ip dest_ip protocol command to see the UDP
source port according to the data packets. You can also use ipv6 in the command.
Note VXLAN must not be configuration on the device when VXLAN encapsulation is enabled for LISP.
Conversely, VXLAN encapsulation for LISP must not be enabled when configuring other VXLAN
protocols.
Two deployment modes are supported, one is to configure border node as PxTR and the other is to configure
border node as XTR.

264
Configuring Border Node as LISP PxTR
Configuring Border Node as LISP PxTR

Border node can be configured as PxTR for the fabric.
Figure 52: Border Node as LISP PxTR
Control Plane Connectivity

Campus-to-Branches direction:
• xTR will register its direct attached host to MS/MR through LISP map-register.
• There will be per-VRF BGP sessions between MS/MR and PxTR, MS/MR will advertise LISP routes
to PxTR
• PxTR will re-originate those routes to WAN through EIGRP or BGP.
Branches-to-Campus direction:
• Branch routes will advertise its routes to border nodes of campus through EIGRP or BGP.
• Border nodes (PxTR) will not advertise routes to LISP MS/MR.
• On XTR, configure “ipv4 use-petr <rloc of PxTR> ”
Packet Flow with Control Plan Interworking

H1 to H2: SIP:10.10.10.1, DIP: 20.20.20.2
• Assuming xTR2 is the default gateway for H1 (it might not be the access switch, but the distribution
switch instead). H1 sends the IP packet to xTR2 after it resolves the ARP entry for gateway MAC.
• On xTR2, the IPv4 use-petr 2.2.2.2 is configured.
• On xTR2, a MAP request is initiated to MAP request, to resolve 20.20.20.2

265
Configuring Border Node as LISP xTR
• A negative MAP reply is sent from MS/MR to xTR2.

• xTR2 encapsulation with LISP head and sends to LISP PxTR 1.1.1.1
• Branch router 2.2.2.2 advertises 20.20.20/24 routes to border node 1.1.1.1 using WAN protocol
BGP/EIGRP.
• PxTR send the packet to remote branch router 2.2.2.2 through iWAN/DMVPN.
H2 to H1: SIP: 20.20.20.2, DIP: 10.10.10.1

• xTR2 register 10.10.10.1 to MS/MS through LISP MAP-register.
• MS/MR advertise this route to PxTR 1.1.1.1
• PxTR re-originates route to branch route 2.2.2.2
• H2 sends the packets to branch router 2.2.2.2
• Branch router 2.2.2.2 forwards the packets to PxTR 1.1.1.1
• PxTR sends MAP-request to resolve 10.10.10.1, and the MAP-reply is from xTR2.
• PxTR sends LISP packets to xTR2 and then to H1.
Configuring Border Node as LISP xTR

Border node can be configured as xTR for the fabric.
Figure 53: Border Node as LISP xTR
Control Plane Connectivity

Campus-to-Branches direction--For each subnet of fabric, you must manually configure a static route to null0
on ASR1K xTR. Example: ip route vrf vrf1 10.10.10.1 255.255.255.0 Null0 tag 110 ASR1K xTR (1.1.1.1)
will advertise this static route to remote branches (2.2.2.2) through BGP or EIGRP.

266
Security Group Tag (SGT) Propagation
Branches-to-Campus direction--Remote Branch (2.2.2.2) will advertise routes 20.20.20.2 to ASR1K xTR
(1.1.1.1) through BGP or EIGRP. On ASR1K xTR, configure “ipv4 route-import database bgp 100 …” under
LISP EID table to import BGP/EIGRP as LISP EID table. ASR1K xTR 2.2.2.2 will initiate MAP-register to
register the EID learnt from BGP.
Packet Flow with Control Plan Interworking
H1 to H2: SIP:10.10.10.1, DIP: 20.20.20.2
• Branch route 2.2.2.2 advertises routes 20.20.20.0/24 to LISP xTR 1.1.1.1 through BGP/EIGRP.
• LISP xTR 1.1.1.1 will import 20.20.20.0/24 into local EID table.
• LISP xTR 1.1.1.1 sends MAP-register to MS/MR to register 20.20.20.0/24 as its local EID
• H1 sends IP packets to xTR2 after it resolves the MAC address of xTR2.
• xTR2 sends map-request to resolve the device for 20.20.20.2 and the RLOC is 1.1.1.1
• xTR2 sends VxLAN encapsulated packets to 1.1.1.1
• RLOC 1.1.1.1 terminates VxLAN and forwards the packets to 2.2.2.2.
H2 to H1: SIP: 20.20.20.2, DIP: 10.10.10.1

• Static route of 10.10.10.1/24 is configured on xTR 1.1.1.1 and it points to null0
• xTR advertises this route to branch 2.2.2.2
• H2 sends packets to branch router 2.2.2.2
• Branch router forwards the packets to LISP xTR 1.1.1.1
• Branch router 2.2.2.2 forwards the packets to PxTR 1.1.1.1
• On LISP xTR 1.1.1.1, 10.10.10.1/24 is pointed to null0, which will trigger LISP routing; it will send
MAP-request to resolve the RLOC for 10.10.10.1.
• LISP xTR 1.1.1.1 sends VxLAN encapsulated packets to xTR2.
Security Group Tag (SGT) Propagation

Besides the control plane and data plane connectivity, the SGT tag must be carried over from the campus
fabric to WAN and vice-versa, so that SGT tag based policy will be enforced end-to-end across campus and
branches. This function has dependence on WAN; if the WAN cannot carry the SGT tag, the tag will be lost.
Configuration Example: Border Node as LISP PxTR

Border node configuration:
vrf definition vrf1

rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
!

267
vrf definition vrf2

rd 1:2
!
address-family ipv4
exit-address-family
!
interface Loopback1
vrf forwarding vrf1
ip address 7.7.7.7 255.255.255.255
!
interface Tunnel100
description “iwan tunnel for vrf1”
vrf forwarding vrf1
ip address 100.0.0.1 255.255.255.0
tunnel source GigabitEthernet2
tunnel key 100
!
interface Tunnel101
description “iwan tunnel for vrf2”
vrf forwarding vrf2
ip address 101.0.0.1 255.255.255.0
tunnel key 101
!
interface Tunnel1000
description “pxtr and msmr tunnel vrf1”
vrf forwarding vrf1
ip address 200.0.0.2 255.255.255.0
tunnel key 1000
!
vrf forwarding vrf2
ip address 201.0.0.2 255.255.255.0
tunnel key 1001
!
interface GigabitEthernet1
ip address 15.0.0.2 255.255.255.0
ip ospf 1 area 0
!
ip address 16.0.0.1 255.255.255.0
!
router lisp
encapsulation vxlan //Enable VXLAN GPO encapsulation for the LISP data plane//
map-cache 0.0.0.0/0 map-request
exit
!
eid-table vrf vrf1 instance-id 1
ipv4 route-import map-cache bgp 100 route-map set_lisp_vrf1
exit
!
ipv4 route-import map-cache bgp 100 route-map set_lisp_vrf2
exit
!
ipv4 sgt //enable SGT function for SGT tag propagation//
exit
!
ipv4 map-request-source 14.0.0.2
ipv4 proxy-etr
ipv4 proxy-itr 15.0.0.2

268
exit
!
router ospf 1
!
router bgp 100
!
address-family ipv4 vrf vrf1
neighbor 200.0.0.1 ebgp-multihop 255
neighbor 200.0.0.1 update-source Tunnel1000
exit-address-family
!
exit-address-family
!
ip community-list 10 permit 1000:1
!
route-map set_lisp_vrf1 permit 10
match community 10
!
match community 11
!
!
MSMR configuration:
vrf definition vrf1
rd 1:1
!
address-family ipv4
exit-address-family
!
vrf definition vrf1000
rd 1000:1
!
address-family ipv4
exit-address-family
!
vrf definition vrf2
rd 1:2
!
address-family ipv4
exit-address-family
!
interface Loopback0
ip address 14.0.0.1 255.255.255.255
ip ospf 1 area 0
!
vrf forwarding vrf1
ip address 200.0.0.1 255.255.255.0
tunnel source GigabitEthernet3.6
tunnel key 1000
!
vrf forwarding vrf2
ip address 201.0.0.1 255.255.255.0

269
tunnel source GigabitEthernet3.6

tunnel key 1001
!
no ip address
!
interface GigabitEthernet2.4
ip address 12.0.0.2 255.255.255.0
ip ospf 1 area 0
!
ip address 12.0.1.2 255.255.255.0
ip ospf 1 area 0
!
no ip address
negotiation auto
cdp enable
!
ip address 13.0.0.1 255.255.255.0
ip ospf 1 area 0
!
ip address 13.0.1.1 255.255.255.0
ip ospf 1 area 0
!
router lisp
exit
!
ipv4 route-export site-registrations
exit
!
ipv4 route-export site-registrations
exit
!
rtr-set rtr
12.0.0.1 authentication-key cisco
12.0.1.1 authentication-key cisco
exit
!
map-server advertise-rtr-set rtr
site xtr1
advertise-rtr-set rtr
eid-prefix 1.1.1.1/32 route-tag 110
eid-prefix instance-id 1 5.5.5.5/32 route-tag 100
exit
!
site xtr2
eid-prefix 2.2.2.2/32 route-tag 110
exit
!
ipv4 map-server
ipv4 map-resolver
exit
!
router ospf 1
!
router bgp 200

270
Configuration Example: Border Node as LISP xTR
!
redistribute lisp metric 11 route-map set_lisp_vrf1
exit-address-family
!
redistribute lisp metric 11 route-map set_lisp_vrf2
exit-address-family
!
!
!
match tag 100
!
match tag 110
!

Border node configuration:
vrf definition vrf1

rd 1:1
!
address-family ipv4
exit-address-family
!
vrf definition vrf2
rd 1:2
!
address-family ipv4
exit-address-family
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
vrf forwarding vrf1
ip address 6.6.6.6 255.255.255.255
!
interface Tunnel200
description “iWAN tunnel to remote branch”
vrf forwarding vrf1
ip address 150.0.0.2 255.255.255.0
tunnel key 200
!
ip address 17.0.0.2 255.255.255.0
!
no ip address

271
!
ip address 13.0.0.2 255.255.255.0
ip ospf 1 area 0
!
ip address 13.0.1.2 255.255.255.0
ip ospf 1 area 0
!
ip address 15.0.0.1 255.255.255.0
ip ospf 1 area 0
!
router lisp
encapsulation vxlan
locator-set set1
exit
!
database-mapping 2.2.2.2/32 locator-set set1
exit
!
ipv4 route-import database bgp 100 route-map match_com locator-set set1
exit
!
exit
!
ipv4 sgt //enable SGT function for SGT tag propagation//
exit
!
ipv4 itr
ipv4 etr map-server 14.0.0.1 key cisco
ipv4 etr
exit
!
router ospf 1
!
router bgp 100
!
redistribute static route-map tag_110
exit-address-family
ip route vrf vrf1 5.5.5.5 255.255.255.255 Null0 tag 110
!
route-map tag_110 permit 10
match tag 110
!
route-map match_com permit 10
match community 10
!

272
Feature Information for DNA SA Border Node Support

Table 11: Feature Information for DNA SA Border Node Support

DNA SA Border Node Support Cisco IOS XE Everest 16.4.1 From Cisco IOS XE Everest 16.4.1
Release release, ASR 1000/ISR 4000
platforms can be supported as the
border node of DNA SA fabric,
handing off the enterprise campus
fabric to iWAN, providing IP
connectivity across campus and
branches.

273

274

Irl Xe 16 Book

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Irl Xe 16 Book

Hochgeladen von

Copyright:

Verfügbare Formate

IP Routing: LISP Configuration Guide

© 2011–2013 Cisco Systems, Inc. All rights reserved.

CHAPTER 1 Read Me First 1

CHAPTER 2 Locator ID Separation Protocol (LISP) Overview 3

CHAPTER 3 Configuring LISP (Locator ID Separation Protocol) 11

IP Routing: LISP Configuration Guide

Configure a Private LISP Mapping System Using a Standalone Map Resolver/Map

CHAPTER 4 LISP Multicast 91

CHAPTER 5 LISP Shared Model Virtualization 109

IP Routing: LISP Configuration Guide

How to Configure LISP Shared Model Virtualization 115

CHAPTER 6 LISP Parallel Model Virtualization 151

CHAPTER 7 LISP Host Mobility Across Subnet 179

CHAPTER 8 LISP Delegate Database Tree (DDT) 181

IP Routing: LISP Configuration Guide

CHAPTER 9 LISP ESM Multihop Mobility 183

CHAPTER 10 LISP Support for Disjoint RLOC Domains 201

IP Routing: LISP Configuration Guide

CHAPTER 11 LISP Data Plane Security 225

CHAPTER 12 LISP Reliable Registration 239

CHAPTER 13 Overlapping Prefix 245

IP Routing: LISP Configuration Guide

Map Server/Map Resolver (MS/MR) 246

CHAPTER 14 LISP Generalized SMR 249

CHAPTER 15 TTL Propagate Disable and Site-ID Qualification 255

CHAPTER 16 DNA SA Border Node Support 263

IP Routing: LISP Configuration Guide

Restrictions for DNA SA Border Node Support 263

IP Routing: LISP Configuration Guide

IP Routing: LISP Configuration Guide

Obtaining Documentation and Submitting a Service Request

IP Routing: LISP Configuration Guide

IP Routing: LISP Configuration Guide

• Finding Feature Information, page 3

Finding Feature Information

Prerequisites for Configuring LISP

IP Routing: LISP Configuration Guide

Restrictions for Configuring LISP

Information About Configuring LISP

LISP Functionality Overview

IP Routing: LISP Configuration Guide

Figure 1: LISP Deployment Environment

LISP Network Element Functions

LISP Alternative Logical Topology

IP Routing: LISP Configuration Guide

LISP Egress Tunnel Router

LISP Ingress Tunnel Router (ITR)

LISP Map Resolver

IP Routing: LISP Configuration Guide

LISP Map Server

LISP Proxy ETR

LISP Proxy ITR

IP Routing: LISP Configuration Guide

Feature Information for LISP Overview

Table 1: Feature Information for LISP Overview

Feature Name Releases Feature Information

IP Routing: LISP Configuration Guide

Feature Name Releases Feature Information

IP Routing: LISP Configuration Guide

IP Routing: LISP Configuration Guide

• Prerequsites for Configuring LISP, page 11

Prerequsites for Configuring LISP

IP Routing: LISP Configuration Guide